3048 matches found
libreoffice: Ability to trust not validated macro signatures removed in high security mode
A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...
libreoffice: Ability to trust not validated macro signatures removed in high security mode
A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...
libreoffice: Ability to trust not validated macro signatures removed in high security mode
A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...
libreoffice: Ability to trust not validated macro signatures removed in high security mode
A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failure and enable the macro anyways...
Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being...
CVE-2024-23460
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS 4.2...
SUSE CVE-2024-42105
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the...
SUSE CVE-2024-42131
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGESIZE units fit into 32-bit so that various multiplications fit into 64-bits. If limits end up bein...
Zscaler Client Connector 安全漏洞
Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2, which originates from not verifying the digital signature of the installer, allowing arbitrary code to be executed locally...
PT-2024-6565 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: A Path Traversal vulnerability exists in the ArubaOS, related to incorrect restriction of directory path names with limited access. Successful exploitation of this vulnerability allows an...
CLSA-2024-1722535503 systemd: Fix of CVE-2023-7008
CVE-2023-7008: prevent systemd-resolved from accepting DNS records of DNSSEC- signed domains without a signature to mitigate man-in-the-middle attacks...
DEBIAN-CVE-2024-42105
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the...
UBUNTU-CVE-2024-42105
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the...
DEBIAN-CVE-2024-42066
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast tbo-pagealignment to u64 before bit-shifting to prevent overflow when assigning to minpagesize...
GO-2024-2989 projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei
projectdiscovery/nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...
PT-2024-5029 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 through 4.18.2.1 Apache CloudStack versions 4.19.0.0 through 4.19.0.2 Description: The issue is related to the SAML authentication mechanism in Apache CloudStack, which does not enforce signature checks when...
GHSA-C3Q9-C27P-CW9H projectdiscovery/nuclei allows unsigned code template execution through workflows
Summary Find a way to execute code template without -code option and signature. Details write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...
CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...
CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...
CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...