Astra Linux - уязвимость в firefox, thunderbird

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while maintaining the visual properties of an HTTP connection. This means that the connection remains within the same origin as unencrypted connections on port 80. However, if a second...

EUVD-2021-24959

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-38507

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 CVE-2024-47252: Fixed insufficient...

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2023-0009)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, t...

SUSE CVE-2013-2052

Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service pluto IKE daemon crash and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be t...

SUSE CVE-2013-2054

Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service pluto IKE daemon crash and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this...

SUSE CVE-2013-2053

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service pluto IKE daemon crash and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be...

SUSE CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

Rocky Linux 8 : firefox (RLSA-2021:4123)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

AlmaLinux 8 : firefox (ALSA-2021:4123)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...

Debian DLA-2874-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. - During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash...

DEBIAN-CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

Design/Logic Flaw

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 RFC 8164 allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CentOS 7 : thunderbird (RHSA-2021:4134)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4134 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

RHEL 8 : firefox (RHSA-2021:4607)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4607 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame CVE-2021-38503. When interacting with an HTML input element's...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...