176 matches found

Prion
added 2022/12/09 11:15 p.m., 14 views

Double free

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a...

5 CVSS, 7.7 AI score, 0.00838 EPSS
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2022/12/09 10:16 p.m., 6 views

CVE-2022-23497 Insecure file access in FreshRSS

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a...

6.5 CVSS, 7.7 AI score, 0.00838 EPSS
Exploits 0, References 3
CVE
added 2022/12/09 10:16 p.m., 58 views

CVE-2022-23497

FreshRSS CVE-2022-23497 describes an information‑disclosure vulnerability where a remote user can access user configuration files. These files can contain hashed passwords for the web interface and, if using the API, hashed passwords for GReader and Fever APIs. Affected releases are prior to 1.20...

7.5 CVSS, 7.1 AI score, 0.00838 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/12/09 10:16 p.m., 16 views

CVE-2022-23497 Insecure file access in FreshRSS

FreshRSS is a free, self-hostable RSS aggregator. User configuration files can be accessed by a remote user. In addition to user preferences, such configurations contain hashed passwords (bcrypt with cost 9, salted) of FreshRSS Web interface. If the API is used, the configuration might contain a...

6.5 CVSS, 7.8 AI score, 0.00838 EPSS
Exploits 0, References 3
CNNVD
added 2022/12/01 12:0 a.m., 5 views

Sophos Firewall SQL injection vulnerability

Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows an API client to read the contents of its user's configuration database via SQL injection...

4.3 CVSS, 5.4 AI score, 0.00698 EPSS
Exploits 0, References 3
ATTACKERKB
added 2022/08/15 11:21 a.m., 2 views

CVE-2022-37400

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

8.8 CVSS, 7.4 AI score, 0.0082 EPSS
Exploits 0, References 3, Affected Software 1
CNNVD
added 2022/08/15 12:0 a.m., 1 views

Apache OpenOffice security features issue vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Foundation. The suite contains text documents, spreadsheets, presentations, drawings, databases, and more. A security features issue vulnerability exists in Apache OpenOffice versions prior to 4.1.13, which ste...

8.8 CVSS, 7.8 AI score, 0.0082 EPSS
Exploits 0, References 3
CNNVD
added 2022/08/10 12:0 a.m., 2 views

Zimbra security vulnerability

Zimbra is an open source email collaboration platform from Zimbra, Inc. in the United States. Zimbra suffers from a security vulnerability that stems from its sudo configuration that allows a user to execute zmslapd binaries as the root user with arbitrary parameters. As part of its intended...

7.8 CVSS, 8.4 AI score, 0.01683 EPSS
Exploits 4, References 5
BDU FSTEC
added 2022/08/04 12:0 a.m., 2 views

The vulnerability of the LibreOffice office software’s user configuration database allows a hacker to disclose protected information.

The vulnerability of the LibreOffice office software’s user configuration database is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to disclose protected information from a remote location...

7.8 CVSS, 7.5 AI score, 0.00782 EPSS
Exploits 0, References 8, Affected Software 4
OSV
added 2022/07/25 3:15 p.m., 3 views

DEBIAN-CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 t...

8.8 CVSS, 8.2 AI score, 0.01124 EPSS
Exploits 0, References 1
ATTACKERKB
added 2022/07/25 3:15 p.m., 3 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5 CVSS, 5.9 AI score, 0.00782 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2022/07/25 3:15 p.m., 3 views

UBUNTU-CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5 CVSS, 7.1 AI score, 0.00782 EPSS
Exploits 0, References 5
CNNVD
added 2022/07/25 12:0 a.m., 3 views

LibreOffice security features issue vulnerability

LibreOffice is an open source office software suite from The Document Foundation (TDF). The product includes applications such as Writer (text documents), Calc (spreadsheets), and Impress (presentations). LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...

7.5 CVSS, 5.6 AI score, 0.00782 EPSS
Exploits 0, References 11
AlpineLinux
added 2022/07/25 12:0 a.m., 34 views

CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 t...

8.8 CVSS, 8.6 AI score, 0.01124 EPSS
Exploits 0
Debian CVE
added 2022/07/25 12:0 a.m., 41 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5 CVSS, 7.6 AI score, 0.00782 EPSS
Exploits 0
Fedora
added 2022/07/13 2:0 a.m., 33 views

[SECURITY] Fedora 36 Update: ignition-2.14.0-2.fc36

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

9.3 CVSS, 2.7 AI score, 0.05292 EPSS
Exploits 4
OSV
added 2022/06/20 7:21 a.m., 5 views

OPENSUSE-SU-2022:10016-1 Security update for firejail

This update for firejail fixes the following issues: firejail was updated to version 0.9.70: - CVE-2022-31214 - root escalation in --join logic (boo#1199148). Reported by Matthias Gerstner, working exploit code was provided to our development team. In the same time frame, the problem was independentl...

7.8 CVSS, 8 AI score, 0.00382 EPSS
Exploits 0, References 3
Fedora
added 2022/05/26 1:35 a.m., 25 views

[SECURITY] Fedora 35 Update: ignition-2.14.0-1.fc35

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth remote URL, network...

6.5 CVSS, 2.7 AI score, 0.01148 EPSS
Exploits 0
Snyk
added 2022/05/17 1:31 a.m., 3 views

Cross-site Scripting (XSS)

Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Description field in the user configuration. An attacker can inject arbitrary web script or HTML by crafting malicious input. PoC...

4.3 CVSS, 5.2 AI score, 0.05406 EPSS
Exploits 5, References 2
Github Security Blog
added 2022/05/17 1:31 a.m., 9 views

Jenkins allows Cross-Site Scripting (XSS) in User Configuration

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...

4.3 CVSS, 5.6 AI score, 0.05406 EPSS
Exploits 5, References 8, Affected Software 1