EUVD-2019-19208

Malware in sbrugna...

Researchers Link New SS7 Encoding Attack to Surveillance Vendor Activity

Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection...

GHSA-VQFR-H8MV-GHFJ h11 accepts some malformed Chunked-Encoding bodies

Impact A leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. Details HTTP/1.1 Chunked-Encoding bodies are formatted as a sequence of "chunks", each of which consists of: - chunk length - \r\n - leng...

OESA-2024-2172 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to t...

Oracle Linux 7 : libreoffice (ELSA-2020-1151)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1151 advisory. - Resolves: rhbz1743962 CVE-2019-9848 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

keycloak: path traversal via double URL encoding

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. Thi...

Debian DLA-1947-1 : libreoffice security update

Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics...

Directory traversal

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

CVE-2019-9852

LibreOffice CVE-2019-9852 is an insufficient URL encoding flaw in the allowed script location check for pre-installed macros, which could allow bypassing path verification and executing scripts. Affected products are Document Foundation LibreOffice versions prior to 6.2.6. Remediation per connect...

Microsoft ASN.1 BitString Encoding Attack (MS04-007; CAN-2003-0818)

...

Apache 1.3.x + Tomcat 4.0.x4.1.x mod_jk - Chunked Encoding Denial of Service

Apache 1.3.x + Tomcat 4.0.x4.1.x modjk - Chunked Encoding Denial of Service source: https://www.securityfocus.com/bid/6320/info Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microso...