Lucene search

2746 matches found

NVD
added 2024/05/14 9:15 p.m., 13 views

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

CVSS 6.5 | AI score 8.6 | EPSS 0.01008
Exploits: 0 | References: 3

OSV
added 2024/05/14 9:15 p.m., 9 views

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

CVSS 6.5 | AI score 6.7 | EPSS 0.01008
Exploits: 0 | References: 3

UbuntuCve
added 2024/05/14 9:15 p.m., 18 views

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

CVSS 6.5 | AI score 7 | EPSS 0.01008
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/14 8:19 p.m., 16 views

CVE-2024-3044 Graphic on-click binding allows unchecked script execution

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

AI score 6.2 | EPSS 0.01008
Exploits: 0 | References: 3

Cvelist
added 2024/05/14 8:19 p.m., 18 views

CVE-2024-3044 Graphic on-click binding allows unchecked script execution

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

AI score 6.7 | EPSS 0.01008
Exploits: 0 | References: 3

CVE
added 2024/05/14 8:19 p.m., 115 views

CVE-2024-3044

CVE-2024-3044 concerns LibreOffice: Unchecked script execution in Graphic on-click binding allows a document to trigger built-in scripts when clicking a graphic, previously treated as trusted but now untrusted. The vulnerability affects multiple LibreOffice builds across distributions, with remed...

CVSS 6.5 | AI score 6.2 | EPSS 0.01008
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2024/05/14 8:19 p.m., 11 views

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

CVSS 6.5 | AI score 6.7 | EPSS 0.01008
Exploits: 0

AlpineLinux
added 2024/05/14 8:19 p.m., 31 views

CVE-2024-3044

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...

CVSS 6.5 | AI score 6.3 | EPSS 0.01008
Exploits: 0

CISA
added 2024/05/14 12:00 p.m., 17 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-30051 (Microsoft DWM Core Library Privilege Escalation Vulnerability) and CVE-2024-30040 (Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability). Thes...

CVSS 8.8 | AI score 7 | EPSS 0.05687
In wild | Exploits: 2 | References: 7

Tenable Nessus
added 2024/05/11 12:00 a.m., 18 views

RHEL 7 : spring-webflow (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spring-webflow: Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-8039 - An issue was...

AI score 6.1 | EPSS 0.15858
Exploits: 1 | References: 2

CNNVD
added 2024/05/10 12:00 a.m., 2 views

QEMU security vulnerability

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU versions 8.2.3 and 9.0.0, which stems from a flaw found in QEMU in the Virtio PCI binding...

CVSS 5.5 | AI score 6.2 | EPSS 0.00324
Exploits: 0 | References: 4

Tenable Nessus
added 2024/05/09 12:00 a.m., 29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rpm (SUSE-SU-2024:1557-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-1 advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via...

CVSS 4.7 | AI score 6.4 | EPSS 0.00302
Exploits: 0 | References: 6

OSV
added 2024/05/08 9:42 a.m., 9 views

SUSE-SU-2024:1557-1 Security update for rpm

This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...

CVSS 4.7 | AI score 4.9 | EPSS 0.00302
Exploits: 0 | References: 5

BDU FSTEC
added 2024/05/03 12:00 a.m., 4 views

The vulnerability of the formIPMacBindDel() function (/goform/del_ip_mac_bind) in the Tenda W15E router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formIPMacBindDel function (/goform/del_ip_mac_bind) of the Tenda W15E router software lies in the issue of the operation going beyond the buffer in memory when processing the IPMacBindIndex parameter. Exploiting this vulnerability allows an attacker to compromise the...

CVSS 9 | AI score 7.9 | EPSS 0.01684
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2024/05/02 12:00 a.m., 3 views

libxmljs security vulnerability

libxmljs is the LibXML binding for node.js. A security vulnerability exists in libxmljs that stems from the presence of a type confusion vulnerability...

CVSS 9.8 | AI score 7.9 | EPSS 0.01103
Exploits: 1 | References: 3

CNNVD
added 2024/05/02 12:00 a.m., 4 views

libxmljs security vulnerability

libxmljs is the LibXML binding for node.js. A security vulnerability exists in libxmljs that stems from the presence of a type confusion vulnerability...

CVSS 9.8 | AI score 7.8 | EPSS 0.01136
Exploits: 1 | References: 3

CNNVD
added 2024/04/30 12:00 a.m., 5 views

ReCrystallize Server security vulnerability

ReCrystallize is a reporting software from ReCrystallize, Inc. A security vulnerability exists in ReCrystallize Server version 5.10.0.0 that stems from the use of an authorization mechanism that relies on a cookie value but does not bind the cookie value to a session ID, which can be exploited by...

CVSS 7.5 | AI score 6.9 | EPSS 0.49322
Exploits: 0 | References: 3

OSV
added 2024/04/17 5:33 p.m., 3 views

GHSA-8RMM-GM28-PJ8Q Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:). Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

CVSS 6 | AI score 6 | EPSS 0.00711
Exploits: 0 | References: 10

Github Security Blog
added 2024/04/17 5:33 p.m., 48 views

Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow

Keycloak allows arbitrary URLs as SAML Assertion Consumer Service POST Binding URL (ACS), including JavaScript URIs (javascript:). Allowing JavaScript URIs in combination with HTML forms leads to JavaScript evaluation in the context of the embedding origin on form submission. Acknowledgements: Specia...

CVSS 6 | AI score 7 | EPSS 0.00711
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2024/04/17 11:15 a.m., 1 views

UBUNTU-CVE-2024-26900

In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev-serial If kobjectadd is fail in bindrdevtoarray, 'rdev-serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 size 49152: comm "mdadm", pid 789, jiffies 4294716910...

CVSS 5.5 | AI score 6.2 | EPSS 0.00287
Exploits: 0 | References: 18