OESA-2025-1498 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200), including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, PostScript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
USN-7504-1 libreoffice vulnerability
Juraj Šarinay discovered that LibreOffice incorrectly handled verifying PDF signatures. A remote attacker could possibly use this issue to generate PDF files that appear to have a valid signature...
SUSE CVE-2025-47256
Libxmp through 4.6.2 has a stack-based buffer overflow in depackpha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
SAP CVE-2025-31324 Check Overview This template is designe...
Economic Security of Multiple Shared Security Protocols
Whitepaper called Economic Security Of Multiple Shared Security Protocols...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
RLSA-2024:6197 Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution (SAFER bypass)...
vorbis-tools security update
An update is available for vorbis-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The vorbis-tools packages provide an encoder, a decoder, a playback tool...
RLSA-2024:3095 Moderate: vorbis-tools security update
The vorbis-tools packages provide an encoder, a decoder, a playback tool, and a comment editor for Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. Security Fixes: vorbis-tools: Buffer Overflow vulnerability (CVE-2023-43361)...
Moderate: Red Hat Security Advisory: libtiff security update
An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Configure the Remote Log Server
rsyslog can send local logs to a remote log server for unified storage. This facilitates centralized log management, prevents local logs from occupying too much drive space and being tampered with. If remote log storage is not configured, rsyslog logs are stored in local files. As far as the...
Configure Audit Rules for User Information Changes
Generally, for deployed services, users and user groups do not change. Passwords, however, are changed periodically but not frequently due to validity periods. It is recommended that key authentication and authorization data be audited and monitored so that changes can be traced. Performing attac...
Record System Authentication-related Events in Logs
System authentication-related events must be recorded to help analyze users...
Ensure That the Group Names Are Unique
The user group names in /etc/group must be unique. If user group names in /etc/group are duplicate, only the GID of the first user group in /etc/group is valid. If the administrator runs commands such as useradd or groupadd to add users or user groups, duplicate user group names typically do not...
Configure the Default Policies of iptables to DROP Properly
Generally, iptables policies can be configured in allowlist or blocklist mode. You are advised to configure iptables policies in allowlist mode. Connections that do not comply with the rules in the allowlist are prohibited. Therefore, you can configure the DROP or REJECT policy for the INPUT,...
Ensure That Mounting for Unnecessary File System Is Removed
Linux supports multiple file systems through kernel objects loaded to the kernel. As a universal OS platform, openEuler provides various kernel object files in the /lib/modules/kernel version/kernel/fs/ directory to support different file systems. You can run the insmod or modprobe command to loa...
RockyLinux 9 : ghostscript (RLSA-2024:6197)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution (SAFER bypass) (CVE-2024-29510); ghostscript: path traversal and command execution due t...
ALSA-2025:4658 Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...
Moderate: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095). For more details about the security issues, including the impact, a CVSS...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...