3242 matches found
Rocky Linux 9 : thunderbird (RLSA-2024:4002)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4002 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
Rocky Linux 8 : thunderbird (RLSA-2024:4036)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4036 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...
OpenSSH < 9.8 RCE
The version of OpenSSH installed on the remote host is prior to 9.8. It is, therefore, affected by a vulnerability as referenced in the release-9.8 advisory. - This release contains fixes for two security problems, one critical and one minor. 1) Race condition in sshd(8) A critical vulnerability in...
python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659
...
[SECURITY] [DLA 3846-1] libmojolicious-perl security update
Debian LTS Advisory DLA-3846-1 https://www.debian.org/lts/security/ Arturo Borrero Gonzalez June 28, 2024 https://wiki.debian.org/LTS -...
Debian dla-3846 : libmojolicious-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - Debian LTS Advisory DLA-3846-1 https://www.debian.org/lts/security/...
GO-2024-2432 CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs
CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Mozilla: External protocol handlers leaked by timing attack
The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system...
RHEL 8 : thunderbird (RHSA-2024:4063)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes:...
PT-2024-6224
Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description: The issue allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. This is due to the...
MGASA-2024-0231 Updated thunderbird packages fix security vulnerabilities
Use-after-free in networking. CVE-2024-5702 Use-after-free in JavaScript object transplant. CVE-2024-5688 External protocol handlers leaked by timing attack. CVE-2024-5690 Sandboxed iframes were able to bypass sandbox restrictions to open a new window. CVE-2024-5691 Cross-Origin Image leak via...
User Enumeration
silverstripe/framework is vulnerable to User Enumeration. The vulnerability is due to a timing attack on the login or password reset pages, allowing an attacker to determine the existence of user credentials based on response times...
Mozilla: External protocol handlers leaked by timing attack
The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Mozilla: External protocol handlers leaked by timing attack
The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Mozilla: External protocol handlers leaked by timing attack
The Mozilla Foundation Security Advisory describes this flaw as: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system...