38 matches found

RedHat Linux
added 2021/01/28 4:38 p.m., 348 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8, AI score 6.7, EPSS 0.01254
Exploits 1, References 7

RedHat Linux
added 2021/01/28 1:20 p.m., 311 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.8, AI score 6.7, EPSS 0.01254
Exploits 0, References 6

RedHat Linux
added 2021/01/27 10:42 p.m., 220 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.8, AI score 6.7, EPSS 0.01254
Exploits 0, References 6

RedHat Linux
added 2021/01/27 6:3 p.m., 221 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.8, AI score 6.7, EPSS 0.01254
Exploits 0, References 6

ALT Linux
added 2021/01/27 12:0 a.m., 26 views

Security fix for the ALT Linux 10 package thunderbird version 78.7.0-alt1

Jan. 27, 2021 Andrey Cherepanov 78.7.0-alt1
- New version 78.7.0.
- Security fixes:
  + CVE-2021-23953 Cross-origin information leakage via redirected PDF requests
  + CVE-2021-23954 Type confusion when using logical assignment operators in JavaScript switch statements
  + CVE-2020-15685 IMAP Response...

CVSS 6.8, AI score 7.8, EPSS 0.01254
Exploits 1

Kitploit
added 2021/01/24 8:30 p.m., 2247 views

WSuspicious - A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: https://www.gosecure.net/blog/2020/09/08/wsus-attacks-part-2-cve-2020-1013-a-windows-10-local-privilege-escalation-1-day/ It was inspired from the WSuspect proxy project:...

CVSS 7.5, AI score 8.5, EPSS 0.29819
Exploits 0, References 2

OSV
added 2020/11/13 4:15 p.m., 1 views

CVE-2020-8583

Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session...

CVSS 7.5, AI score 5.8, EPSS 0.00322
Exploits 0, References 1

CVE
added 2020/11/13 3:14 p.m., 44 views

CVE-2020-8583

CVE-2020-8583 affects Element Software before 12.2 and HCI before 1.8P1. The vulnerability allows an attacker to discover sensitive information by intercepting data in an HTTPS session. In the provided documents, the affected versions and the nature of the exposure are stated, with high-impact co...

CVSS 7.5, AI score 7.2, EPSS 0.00322
Exploits 0, References 1, Affected Software 2

CNVD
added 2020/11/10 12:0 a.m., 1 views

NetApp Netapp E-Series SANtricity OS Controller Software Information Disclosure Vulnerability

NetApp Netapp E-Series SANtricity OS Controller Software is a disk array OS control software from American NetApp. A security vulnerability exists in SANtricity OS Controller Software version 11.50.1 and later versions, which can be exploited by an attacker to discover sensitive information by...

CVSS 5.9, AI score 6.6, EPSS 0.00322
Exploits 0, References 1

The Hacker News
added 2019/07/19 9:31 a.m., 1 views

Kazakhstan Begins Intercepting HTTPS Internet Traffic Of All Citizens Forcefully

If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you're not alone. The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install...

AI score 6.3
Exploits 0

NVD
added 2016/11/24 7:59 p.m., 16 views

CVE-2016-0353

IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 4.3, AI score 3.9, EPSS 0.00207
Exploits 0, References 2

Tenable Nessus
added 2016/06/16 12:0 a.m., 34 views

Amazon Linux AMI : squid (ALAS-2016-713)

A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051) Buffer overflow and input validation flaws were found ...

CVSS 8.8, AI score 7.4, EPSS 0.79915
Exploits 0, References 7

Tenable Nessus
added 2016/06/08 12:0 a.m., 33 views

Scientific Linux Security Update : squid on SL7.x x86_64 (20160531)

Security Fixes :
- A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)
- Buffer overflow and input...

CVSS 8.8, AI score 7.4, EPSS 0.82841
Exploits 1, References 10

RedHat Linux
added 2016/05/31 5:56 a.m., 1 views

squid: multiple issues in ESI processing

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack...

CVSS 8.1, AI score 7.8, EPSS 0.23622
Exploits 0, References 5

ThreatPost
added 2015/08/13 10:5 a.m., 10 views

Lenovo Hit With Criticism Over Second Rootkit-Like Utility

Lenovo is under fire again for installing a covert utility on laptops and desktops that some users have compared to a rootkit. The issue stems from a utility called the Lenovo Service Engine, that is designed to collect some system information and send it to Lenovo at the time the machine connect...

Exploits 0, References 3

OSV
added 2015/04/10 2:59 p.m., 3 views

DEBIAN-CVE-2013-7436

noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 4.3, AI score 6.4, EPSS 0.00614
Exploits 0, References 1

Prion
added 2014/09/23 9:55 p.m., 16 views

Session fixation

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an...

CVSS 5, AI score 6.8, EPSS 0.00207
Exploits 0, References 2, Affected Software 1

NVD
added 2009/12/23 6:30 p.m., 19 views

CVE-2009-3584

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5, AI score 6.3, EPSS 0.00319
Exploits 2, References 4