EUVD-2016-0737

Malware in sbrugna...

EUVD-2013-7072

Malware in sbrugna...

nss bug fix and enhancement update

An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

nss bug fix and enhancement update

An update is available for nss. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2024-7531

The Mozilla Foundation Security Advisory describes this flaw as: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

UBUNTU-CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

Mozilla Firefox ESR < 115.14

The version of Firefox ESR installed on the remote Windows host is prior to 115.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-34 advisory. - Unexpected marking work at the start of sweeping could have led to a use-after-free. CVE-2024-7527 - Insufficient...

Mozilla Firefox ESR < 128.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 ...

Mozilla Firefox ESR < 115.14

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-34 advisory. - Unexpected marking work at the start of sweeping could have led to a use-after-free. CVE-2024-7527 -...

Security Bulletin: A security vulnerability has been identified in Open SSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2016-0702).

Summary Open SSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting Open SSL has been published here. Vulnerability Details CVEID:CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information,...

K79215841: OpenSSL vulnerability CVE-2016-0702

Security Advisory Description The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running ...