PayTR Ödeme Ve Elektronik Para Kuruluşu A.Ş. Security Vulnerabilities

nessus

RHEL 9 : glibc (RHSA-2024:3339)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3339 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.2 AI Score

0.0005 EPSS

2024-05-23 12:00 AM
5
nessus

Oracle Linux 8 : libreoffice (ELSA-2024-1514)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1514 advisory. Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2024-03-29 12:00 AM
7
nessus

AlmaLinux 9 : libreoffice (ALSA-2024:1427)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1427 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2024-03-22 12:00 AM
8
nessus

Ubuntu 23.04 / 23.10 : LibreOffice vulnerabilities (USN-6546-1)

The remote Ubuntu 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6546-1 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2023-12-11 12:00 AM
9
nessus

RHEL 8 : glibc (RHSA-2024:3312)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3312 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.1 AI Score

0.0005 EPSS

2024-05-23 12:00 AM
3
nessus

RHEL 8 : glibc (RHSA-2024:3309)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3309 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.9 AI Score

0.0005 EPSS

2024-05-23 12:00 AM
8
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)

The remote host is missing an update for the Huawei...

7.5 CVSS

6.7 AI Score

0.001 EPSS

2024-05-17 12:00 AM
1
malwarebytes

Watch out for tech support scams lurking in sponsored search results

This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored"....

7.2 AI Score

2024-05-02 03:14 PM
7
talosblog

The sliding doors of misinformation that come with AI-generated search results

As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...

7.2 AI Score

2024-06-06 06:00 PM
9
almalinux

Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8 CVSS

7.5 AI Score

0.001 EPSS

2024-03-26 12:00 AM
7
nessus

RHEL 8 : glibc (RHSA-2024:3344)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3344 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...

8.1 AI Score

0.0004 EPSS

2024-05-23 12:00 AM
6
nessus

F5 Networks BIG-IP : BIG-IP VE vulnerability (K53442005)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K53442005 advisory. On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and...

5.3 CVSS

5.7 AI Score

0.001 EPSS

2022-01-19 12:00 AM
10
nessus

openSUSE Security Update : LibreOffice and dependency libraries (openSUSE-2019-912)

This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues : LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes : The full changelog can be found on :...

7.5 CVSS

6.9 AI Score

0.171 EPSS

2019-03-27 12:00 AM
6
nessus

Rocky Linux 8 : libreoffice (RLSA-2024:1514)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1514 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...

8.8 CVSS

9.3 AI Score

0.001 EPSS

2024-03-27 12:00 AM
5
nessus

RHEL 8 : glibc (RHSA-2024:3269)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3269 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...

7.1 AI Score

0.0005 EPSS

2024-05-23 12:00 AM
4
github

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

7 AI Score

2024-06-11 04:00 PM
1
openvas

Debian: Security Advisory (DLA-3821-1)

The remote host is missing an update for the...

7.5 AI Score

0.0004 EPSS

2024-05-27 12:00 AM
2
wordfence

Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program

We are excited to share some updates on our Bug Bounty Program today! It has been over six months since the launch of our program, during which we've awarded approximately $242,000 in bounties. Since then, our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed...

7.1 AI Score

2024-05-14 02:54 PM
3
talosblog

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...

6.7 AI Score

2024-05-23 06:00 PM
4
openvas

Determine OS and list of installed packages via SSH login

This script will, if given a userid/password or key to the remote system, login to that system, determine the OS it is running, and for supported systems, extract the list of installed...

7.3 AI Score

2008-01-17 12:00 AM
261
nessus

AlmaLinux 8 : glibc (ALSA-2024:2722)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...

7.7 AI Score

0.0005 EPSS

2024-05-09 12:00 AM
11
securelist

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....

7.3 AI Score

2024-06-25 10:00 AM
2
nessus

Oracle Linux 8 : glibc (ELSA-2024-2722)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to...

7.4 AI Score

0.0005 EPSS

2024-05-09 12:00 AM
11
nessus

Debian DSA-4483-1 : libreoffice - security update

Two security issues have been discovered in LibreOffice : CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet...

9.8 CVSS

8.6 AI Score

0.217 EPSS

2019-07-17 12:00 AM
15
zdt

7.4 AI Score

2024-03-27 12:00 AM
64
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

6.9 AI Score

2024-06-03 11:06 AM
5
nessus

openSUSE Security Update : libreoffice (openSUSE-2019-2057)

This update for libreoffice fixes the following issues : Security issues fixed : CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). CVE-2019-9851: Fixed LibreLogo...

9.8 CVSS

8.1 AI Score

0.971 EPSS

2019-09-03 12:00 AM
20
packetstorm

7.4 AI Score

2024-03-26 12:00 AM
93
nessus

Rocky Linux 8 : glibc (RLSA-2024:2722)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...

7.6 AI Score

0.0005 EPSS

2024-05-09 12:00 AM
12
openvas

Debian: Security Advisory (DSA-5690-1)

The remote host is missing an update for the...

7.5 AI Score

0.0004 EPSS

2024-05-16 12:00 AM
4
talosblog

How we can separate botnets from the malware operations that rely on them

As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....

7.1 AI Score

2024-06-13 06:00 PM
2
githubexploit

Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager

CVE-2022-1388 RCE, Reverse Shell, and Auto-Export PCAP --...

9.8 CVSS

-0.1 AI Score

0.975 EPSS

2022-12-24 03:59 AM
248
exploitdb

7.4 AI Score

2024-03-25 12:00 AM
90
securelist

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

7.8 AI Score

2024-05-28 10:00 AM
16
nessus

RHEL 7 : libreoffice (RHSA-2018:0418)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0418 advisory. libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871) Note that Nessus has not tested for this issue...

9.8 CVSS

9.4 AI Score

0.593 EPSS

2018-03-07 12:00 AM
12
nessus

RHEL 6 : libreoffice (RHSA-2012:1135)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1135 advisory. openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code (CVE-2012-2665) Note that Nessus...

6.6 AI Score

0.041 EPSS

2012-08-02 12:00 AM
14
fedora

[SECURITY] Fedora 38 Update: perl-Data-UUID-1.227-1.fc38

This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2024-03-28 01:44 AM
3
fedora

[SECURITY] Fedora 39 Update: perl-Data-UUID-1.227-1.fc39

This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2024-03-28 01:25 AM
5
oraclelinux

libreoffice security fix update

[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...

8.8 CVSS

6.6 AI Score

0.001 EPSS

2024-03-28 12:00 AM
6
fedora

[SECURITY] Fedora 40 Update: perl-Data-UUID-1.227-1.fc40

This module provides a framework for generating v3 UUIDs (Universally Unique Identifiers, also known as GUIDs (Globally Unique Identifiers). A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2024-03-28 12:17 AM
2
nessus

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20190806)

Security Fix(es) : libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning...

9.8 CVSS

9 AI Score

0.964 EPSS

2019-08-27 12:00 AM
8
rocky

libreoffice security fix update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

8.8 CVSS

7.5 AI Score

0.001 EPSS

2024-03-27 04:34 AM
10
nessus

Amazon Linux 2 : glibc (ALAS-2024-2521)

The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2521 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes...

6.8 AI Score

0.0005 EPSS

2024-04-30 12:00 AM
33
openvas

Directory Scanner

This plugin attempts to determine the presence of various common dirs on the remote web...

9.9 CVSS

8.1 AI Score

0.975 EPSS

2005-11-03 12:00 AM
1650
nessus

Debian DSA-4501-1 : libreoffice - security update

It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not...

9.8 CVSS

9.4 AI Score

0.971 EPSS

2019-08-20 12:00 AM
32
talosblog

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...

7.4 AI Score

2024-05-14 12:42 PM
5
nessus

RHEL 6 : libreoffice (RHSA-2015:1458)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1458 advisory. libreoffice: HWP file filter vulnerability (CVE-2015-1774) Note that Nessus has not tested for this issue but has instead relied only on the...

6.2 AI Score

0.017 EPSS

2015-07-23 12:00 AM
16
malwarebytes

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09

This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...

7 AI Score

2024-04-22 03:46 PM
7
nessus

CentOS 9 : libreoffice-7.1.8.1-11.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an...

7.8 CVSS

6.6 AI Score

0.001 EPSS

2024-02-29 12:00 AM
3
schneier

Rethinking Democracy for the Age of AI

There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...

6.4 AI Score

2024-06-18 11:04 AM
3
Total number of security vulnerabilities: 11500