Updated libreoffice packages fix security vulnerability

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding

A server-side request forgery SSRF vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted...

GHSA-PMRX-695R-4349 dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

SUSE CVE-2021-47413

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt the...

dbt 安全漏洞

dbt is a data transcription tool. A security vulnerability exists in dbt that stems from the ability to bind to unrestricted IP addresses via socket ketsocket, which increases the risk of unauthorized access...

[SECURITY] [DLA 3821-1] libreoffice security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 26, 2024 https://wiki.debian.org/LTS -...

DEBIAN-CVE-2021-47389

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV context if binding an ASID fails after RECEIVESTART. Per AMD's SEV API, RECEIVESTART generates a new guest context and thus needs to be paired...

CVE-2021-47389

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix missing sevdecommission in sevreceivestart DECOMMISSION the current SEV context if binding an ASID fails after RECEIVESTART. Per AMD's SEV API, RECEIVESTART generates a new guest context and thus needs to be paired...

PT-2024-11277 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A possible scenario exists where dwc3 gadget init can fail during a host to peripheral mode switch in dwc3 set mode, and a pending gadget driver fails to bind. If the DRD undergoes...

Metasploit Wrap-Up 05/17/2024

LDAP Authentication Improvements This week, in Metasploit v6.4.9, the team has added multiple improvements for LDAP related attacks. Two improvements relating to authentication is the new support for Signing and Channel Binding. Microsoft has been making changes to harden the communications to...

UBUNTU-CVE-2024-35786

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveaugemioctlpushbuf If VMBIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the...

CVE-2024-2366

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstallbinding functionality in lollmscore/lollms/server/endpoints/lollmsbindinginfos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...

Improper Query Binding

Laravel/framework is vulnerable to Improper Query Binding. If a request is crafted with a non-array field as an array without proper validation or casting, it can lead to an unexpected number of query bindings being added to the query. This can result in queries returning either no results or...

LoLLMs Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A command injection vulnerability exists in LoLLMs that stems from a remote code execution vulnerability in the reinstallbinding function in...

PT-2024-29038 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms version latest Description: The issue is related to arbitrary code execution due to insufficient sanitization of user input. Specifically, the /unInstall binding endpoint is vulnerable, and the problem arises from the lack of...

codeigniter/framework SQL injection in ODBC database driver

CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape functions...

GHSA-27QR-636M-WXG2 codeigniter/framework SQL injection in ODBC database driver

CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. It is noteworthy that these fixes render the query builder and escape functions...

cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding

A server-side request forgery SSRF vulnerability was found in Apache CXF. This issue occurs in attacks on webservices that take at least one parameter of any type, and when Aegisdatabind is used. Users of other data bindings including the default databinding are not impacted...

CVE-2024-3044

A flaw was found in LibreOffice. Unchecked script execution in graphic on-click binding allows an attacker to create a document, which, without a prompt, will execute scripts built into LibreOffice when clicking a graphic. These scripts were previously deemed trusted but are now deemed untrusted...

Debian dsa-5690 : fonts-opensymbol - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5690 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5690-1 [email protected] https://www.debian.org/security/...