Security update for zabbix

This update for zabbix fixes the following issues: CVE-2024-36469: Introduced clamping for mitigation of timing attacks. bsc1240676 CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get...

CVE-2025-68704

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

RHEL 7 : nss and nspr (RHSA-2020:4076)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4076 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-680)

This update for Mozilla Thunderbird to version 60.2.1 fixes multiple issues. Multiple security issues were fixed in the Mozilla platform as advised in MFSA 2018-25. In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are...