Type confusion

Versions =8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the...

CVE-2022-23541 jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

jsonwebtoken is an implementation of JSON Web Tokens. Versions = 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There i...

USN-3991-2: Firefox regression

USN-3991-1 fixed vulnerabilities in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user...

FreeBSD : mozilla -- multiple vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)

Mozilla Foundation reports : CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9818: Use-after-free in crash generation server...

Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3991-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3991-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

Ubuntu: Security Advisory (USN-3991-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3991-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive...

OpenSSL Bleichenbacher oracle vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. OpenSSL 1.0.2, 1.0.1l, 1.0.0q, 0.9.8ze and earlier versions have a security vulnerability in export key combinations applying...

Fedora 16 : xkeyboard-config-2.3-3.fc16 (2012-0712)

The previous version of xkeyboard-config included the key combinations to clear and/or kill grabs in the default keymap. This enabled users to get around screen locks that use grabs to prevent input to other applications e.g. gnome-screensaver. This update moves the definition of the key...

January 21, 2021-KB4598296 (OS Build 17763.1728) Preview

January 21, 2021-KB4598296 OS Build 17763.1728 Preview Release Date: 1/21/2021 Version: OS Build17763.1728 Important:12/8/20 Adobe Flash Player went out of support on December 31, 2020. For more information, see Adobe Flash end of support on December 31, 2020. Adobe started blocking Flash content...