8 matches found

Github Security Blog
added 2026/06/05 4:34 p.m. | 15 views

Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1), allowing SSRF protection to be bypassed on dual-stack systems. Affected components: backend/src/applications/files/services/files-manager.service.ts –...

CVSS 7.7 | AI score 5.4 | EPSS 0.00221
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2023/09/18 12:21 p.m. | 52 views

Think Your MFA and PAM Solutions Protect You? Think Again

When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2020/11/18 12:0 a.m. | 84 views

RHEL 8 : libreoffice (RHSA-2020:1598)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1598 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

CVSS 9.8 | AI score 7.8 | EPSS 0.78007
Exploits: 5 | References: 17
Microsoft Secure
added 2020/06/16 6:0 p.m. | 38 views

Stay ahead of multi-cloud attacks with Azure Security Center

The COVID-19 crisis has challenged just about every business on the planet to quickly adapt and transform. With massive workforces now remote, IT administrators and security professionals are under increased pressure to keep these workers connected and productive while combating evolving threats,...

AI score 0.2
Exploits: 0
Tenable Nessus
added 2020/04/21 12:0 a.m. | 41 views

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20200407)

libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands; libreoffice: Insufficient URL validation allowing LibreLogo script execution; libreoffice: LibreLogo global-event script execution; libreoffice: Insufficient URL encoding flaw in allowed script location check...

CVSS 9.8 | AI score 7.5 | EPSS 0.78007
Exploits: 6 | References: 8
Veracode
added 2020/04/01 12:38 a.m. | 51 views

Unauthorized Access

libreoffice allows unauthorized access to application functions. The remote resources protection module is not applied to bullet graphics, allowing any user to enable stealth mode to retrieve remote resources...

CVSS 4.3 | AI score 4.4 | EPSS 0.03089
Exploits: 0 | References: 16 | Affected Software: 1
UbuntuCve
added 2019/07/16 12:0 a.m. | 35 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

CVSS 4.3 | AI score 7 | EPSS 0.03089
Exploits: 0 | References: 3
securityvulns
added 2009/04/24 12:0 a.m. | 111 views

Formshield Captcha - Older Version vulnerable to replay attacks

Replay attack on CAPTCHA Libraries. Summary: A CAPTCHA implementation that we tested was found to be vulnerable to replay attacks. The attack is explained in detail for Formshield – A popular DOT NET CAPTCHA implementation. NOTE: We discovered this during a Black Box engagement with one of our...

AI score 0.1
Exploits: 0