
5460 matches found

Tenable Nessus
added 2021/04/15 12:00 a.m. | 56 views

RHEL 8 : thunderbird (RHSA-2021:1201)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1201 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1. Security Fixes: Mozilla: ...

7.8 CVSS | 7.3 AI score | 0.01035 EPSS
Exploits: 2 | References: 11
RedHat Linux
added 2021/04/14 5:12 p.m. | 3 views

Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...

6.5 CVSS | 7.3 AI score | 0.00427 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2021/04/14 12:00 a.m. | 47 views

RHEL 8 : thunderbird (RHSA-2021:1190)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1190 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.9.1. Security Fixes: Mozilla: ...

7.8 CVSS | 7.3 AI score | 0.01035 EPSS
Exploits: 2 | References: 11
OSV
added 2021/04/13 3:12 p.m. | 10 views

GHSA-7FJP-G4M7-FX23 User (Encrypted) Password Field Being Serialised

Impact: Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed. Patches: Issue has been patched in version 0.3.7-beta and onwards. Workarounds: Add the 'password' field to the Users...

7 AI score
Exploits: 0 | References: 1
Github Security Blog
added 2021/04/13 3:12 p.m. | 16 views

User (Encrypted) Password Field Being Serialised

Impact: Leaking Password field during serialisation of the User model. Password is in the encrypted form but if User model is requested in json or array form the value is printed. Patches: Issue has been patched in version 0.3.7-beta and onwards. Workarounds: Add the 'password' field to the Users...

3 AI score
Exploits: 0 | References: 2 | Affected Software: 1
UbuntuCve
added 2021/04/13 12:00 a.m. | 25 views

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8 CVSS | 6.8 AI score | 0.01035 EPSS
Exploits: 1 | References: 4
BDU FSTEC
added 2021/04/08 12:00 a.m. | 12 views

The vulnerability in the arch/x86/kvm/svm/sev.c component of the Kernel-based Virtual Machine (KVM) virtualization subsystem of Linux operating systems allows an attacker to cause a service failure.

The vulnerability in the kernel-based virtual machine KVM virtualization subsystem of Linux operating systems, specifically in the arch/x86/kvm/svm/sev.c component, involves uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS | 6.6 AI score | 0.00335 EPSS
Exploits: 0 | References: 18 | Affected Software: 2
OSV
added 2021/04/07 12:15 a.m. | 3 views

DEBIAN-CVE-2020-36311

An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of a large SEV VM which requires unregistering many encrypted regions, aka CID-7be74942f184...

5.5 CVSS | 6.3 AI score | 0.00335 EPSS
Exploits: 0 | References: 1
OSV
added 2021/04/07 12:15 a.m. | 2 views

UBUNTU-CVE-2020-36311

An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering destruction of a large SEV VM which requires unregistering many encrypted regions, aka CID-7be74942f184...

5.5 CVSS | 6.7 AI score | 0.00335 EPSS
Exploits: 0 | References: 8
OSV
added 2021/04/06 5:22 p.m. | 17 views

GHSA-RJ44-GPJC-29R7 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values

Impact: Potential for arbitrary code execution in gpg-tagged property values only if decrypt: true option is enabled. Patches: A fix has already been released as v0.4.0. Workarounds: By default, EGF parse functions do NOT attempt to decrypt values since GPG is only available in non-browser env. Howeve...

6.4 CVSS | 9 AI score | 0.01339 EPSS
Exploits: 0 | References: 5
OSV
added 2021/04/06 5:15 p.m. | 4 views

CVE-2021-24027

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material...

7.5 CVSS | 5.8 AI score | 0.03805 EPSS
Exploits: 1 | References: 1
Wired Threat Level
added 2021/04/06 4:15 p.m. | 28 views

Signal Adds a Payments Feature—With Cryptocurrency

The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals...

2.3 AI score
Exploits: 0
CNNVD
added 2021/04/06 12:00 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in arch/x86/kvm/svm/sev.c in Linux kernel versions prior to 5.9. An attacker...

5.5 CVSS | 6.6 AI score | 0.00335 EPSS
Exploits: 0 | References: 22
OSV
added 2021/04/02 4:15 p.m. | 4 views

CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

4.3 CVSS | 5.8 AI score | 0.01124 EPSS
Exploits: 1 | References: 3
NVD
added 2021/04/02 4:15 p.m. | 19 views

CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

4.3 CVSS | 0.01124 EPSS
Exploits: 1 | References: 3
Cvelist
added 2021/04/02 3:47 p.m. | 25 views

CVE-2020-11922

An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...

4.4 AI score | 0.01124 EPSS
Exploits: 1 | References: 3
Malwarebytes
added 2021/03/30 3:56 p.m. | 50 views

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, re...

7 AI score
Exploits: 0
Malwarebytes
added 2021/03/29 8:15 p.m. | 12 views

The one reason your iPhone needs a VPN

For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones, which do not, by default, include an end-to-end encrypted messaging app, warn users repeatedly about app location requests, or provide a privacy-forward Single Sign-On feature. Bu...

7.1 AI score
Exploits: 0
ThreatPost
added 2021/03/24 8:53 p.m. | 53 views

ProtonVPN CEO Blasts Apple for ‘Aiding Tyrants’ in Myanmar

In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by “giving in to tyrants.” Y...

6.9 AI score
Exploits: 0 | References: 13
Fedora
added 2021/03/23 12:18 a.m. | 63 views

[SECURITY] Fedora 34 Update: openssh-8.5p1-2.fc34

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

7.1 CVSS | 2 AI score | 0.03422 EPSS
Exploits: 1