20 matches found
RLSA-2026:3840 Important: image-builder security update
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...
RHCOS 4 : OpenShift Container Platform 4.16.58 (RHSA-2026:4464)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4464 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - crypto/x509: golang: Denial of Service due ...
Important: Red Hat Security Advisory: osbuild-composer security update
An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
MiracleLinux 8 : libreoffice-6.4.7.2-10.el8.ML.1 (AXSA:2022-3720:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3720:01 advisory. libreoffice: Content Manipulation with Double Certificate Attack CVE-2021-25633 libreoffice: Timestamp Manipulation with Signature Wrapping...
EUVD-2015-7227
Malware in sbrugna...
Dell Unity Trust Management Issues Vulnerabilities
Dell Unity is a suite of virtual Unity storage environments from Dell, Inc. A security vulnerability exists in Dell Unity versions prior to 5.3 that stems from a man-in-the-middle spoofing vulnerability in the vmadapter component. An attacker with access to a CA signed certificate could exploit...
RHEL 8 : libreoffice (RHSA-2022:1766)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1766 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...
Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update
An update for libreoffice is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RLSA-2022:1766 Moderate: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
ALSA-2022:1766 Moderate: libreoffice security, bug fix, and enhancement update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
CentOS 8 : libreoffice (CESA-2022:1766)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1766 advisory. - libreoffice: Content Manipulation with Double Certificate Attack CVE-2021-25633 - libreoffice: Timestamp Manipulation with Signature Wrapping...
CVE-2021-25633 Content Manipulation with Double Certificate Attack
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...
CVE-2021-41830 Double Certificate Attack
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2020-1804)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-5274
USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service...
A week in security (July 1 – 7)
Last week on Malwarebytes Labs, we explained what to do when you find stalkerware, how cooperating apps and automatic permissions are setting you up for failure, and why you should steer clear of Bitcoin Cash generators. Other cybersecurity news: A former Chief Information Officer CIO of Equifax...
openssl: Memory corruption in the ASN.1 encoder
A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...
ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers. Regards, ACROS Security http://www.acrossecurity.com...
Internet explorer (and others) CA certificate attack
For intermediate CA only signature is checked, missed check for basic constaint allows to use any valid certificate as CA certificate...
DEBIAN-CVE-2003-0545
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding...