PayTR Ödeme Ve Elektronik Para Kuruluşu A.Ş. Security Vulnerabilities

nessus

openSUSE Security Update : libreoffice (openSUSE-2019-2183)

This update for libreoffice fixes the following issues : Updated to version 6.2.7.1. Security issues fixed : CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). ...

9.8CVSS

8.1AI Score

0.971EPSS

2019-09-25 12:00 AM
17
nessus

RHEL 7 : libreoffice (RHSA-2019:2130)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2130 advisory. libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning (CVE-2018-16858) Note that Nessus...

9.8CVSS

8.9AI Score

0.964EPSS

2019-08-12 12:00 AM
17
nessus

CentOS 9 : glibc-2.34-83.el9.3

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.3 build changelog. Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) (CVE-2023-4527) potential use-after-free in gaih_inet (RHEL-2438)...

6.5CVSS

7.8AI Score

0.001EPSS

2024-04-26 12:00 AM
9
nessus

CentOS 9 : glibc-2.34-83.el9.7

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.7 build changelog. potential use-after-free in getaddrinfo (RHEL-2426) (CVE-2023-4806) buffer overflow in ld.so leading to privilege escalation (RHEL-3000)...

7.8CVSS

8.4AI Score

0.014EPSS

2024-02-29 12:00 AM
34
nessus

RHEL 7 : libreoffice (RHSA-2018:3054)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3054 advisory. libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document...

7.8CVSS

8.1AI Score

0.171EPSS

2018-10-31 12:00 AM
18
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
9
talosblog

Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....

9.8CVSS

7.4AI Score

0.001EPSS

2024-05-30 06:00 PM
6
nessus

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2024-589)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-589 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may...

6.7AI Score

0.0005EPSS

2024-04-29 12:00 AM
15
nessus

openSUSE Security Update : libreoffice (openSUSE-2019-2361)

This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed : CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) This update was imported from the...

9.8CVSS

8.8AI Score

0.004EPSS

2019-10-22 12:00 AM
12
nessus

RHEL 9 : glibc (RHSA-2023:5453)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5453 advisory. glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) glibc: potential use-after-free in getaddrinfo()...

7.8CVSS

8.5AI Score

0.014EPSS

2023-10-05 12:00 AM
36
nessus

Debian DSA-4519-1 : libreoffice - security update

It was discovered that the code fixes for LibreOffice to address CVE-2019-9852 were not complete. Additional information can be found...

7.8CVSS

8.9AI Score

0.002EPSS

2019-09-10 12:00 AM
28
nessus

openSUSE Security Update : LibreOffice (openSUSE-2019-1929)

This update for libreoffice and libraries fixes the following issues : LibreOffice was updated to 6.2.5.2 (fate#327121 bsc#1128845 bsc#1123455), bringing lots of bug and stability fixes. Additional bugfixes : If there is no firebird engine we still need java to run hsqldb (bsc#1135189) ...

9.8CVSS

9AI Score

0.964EPSS

2019-08-20 12:00 AM
16
nessus

RHEL 9 : glibc (RHSA-2023:5454)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5454 advisory. glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) Note that Nessus has not tested for this issue but has instead...

7.8CVSS

8.6AI Score

0.014EPSS

2023-10-05 12:00 AM
16
schneier

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....

7.4AI Score

2024-05-31 11:04 AM
10
openvas

RedHat Security Advisory RHSA-2009:1472

The remote host is missing updates announced in advisory RHSA-2009:1472. Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the password option in the....

6.5AI Score

0.001EPSS

2009-10-06 12:00 AM
9
nessus

RHEL 8 : glibc (RHSA-2023:7409)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7409 advisory. glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806) glibc: potential use-after-free in gaih_inet() (CVE-2023-4813) Note...

5.9CVSS

7.7AI Score

0.001EPSS

2023-11-21 12:00 AM
19
nessus

RHEL 8 : glibc (RHSA-2023:5476)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5476 advisory. glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) Note that Nessus has not tested for this issue but has instead...

7.8CVSS

8.6AI Score

0.014EPSS

2023-10-05 12:00 AM
24
nessus

RHEL 8 : libreoffice (RHSA-2023:6933)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6933 advisory. libreoffice: Empty entry in Java class path (CVE-2022-38745) libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) ...

7.8CVSS

7.2AI Score

0.001EPSS

2023-11-14 12:00 AM
13
nessus

RHEL 8 : libreoffice (RHSA-2022:7461)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7461 advisory. libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636) Note that Nessus has not tested for this issue...

7.5CVSS

7AI Score

0.001EPSS

2022-11-08 12:00 AM
5
securelist

Bypassing 2FA with phishing and OTP bots

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...

7.2AI Score

2024-06-10 10:00 AM
10
nessus

RHEL 8 : libreoffice (RHSA-2022:1766)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1766 advisory. libreoffice: Content Manipulation with Double Certificate Attack (CVE-2021-25633) libreoffice: Timestamp Manipulation with Signature...

7.5CVSS

6.8AI Score

EPSS

2022-05-11 12:00 AM
15
talosblog

The internet is already scary enough without April Fool’s jokes

I feel like over the past several years, the "holiday" that is April Fool's Day has really died down. At this point, there are few headlines you can write that would be more ridiculous than something you'd find on a news site any day of the week. And there are so many more serious issues that are.....

7.3AI Score

2024-04-11 06:00 PM
5
nessus

RHEL 8 : glibc (RHSA-2021:1585)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1585 advisory. glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228) glibc: regular-expression match via proceed_next_node in...

9.8CVSS

7.7AI Score

0.02EPSS

2021-05-19 12:00 AM
22
nessus

RHEL 9 : libreoffice (RHSA-2023:6508)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory. libreoffice: Empty entry in Java class path (CVE-2022-38745) libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950) ...

7.8CVSS

7.2AI Score

0.001EPSS

2023-11-07 12:00 AM
3
krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8AI Score

2024-05-23 11:32 PM
4
nessus

RHEL 8 : glibc (RHSA-2019:3513)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3513 advisory. glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739) Note that Nessus has not tested for this issue but has...

5.3CVSS

6AI Score

0.001EPSS

2019-11-06 12:00 AM
16
malwarebytes

Law enforcement reels in phishing-as-a-service whopper

A major international law enforcement effort involving agencies from 19 countries has disrupted the notorious LabHost phishing-as-a-service platform. Europol reports that the organization's infrastructure has been compromised, its website shut down, and 37 suspects arrested, including four people.....

7.5AI Score

2024-04-18 05:58 PM
6
nessus

RHEL 8 : glibc (RHSA-2021:4358)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4358 advisory. glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (CVE-2021-27645) glibc: mq_notify does not handle separately...

9.8CVSS

8.1AI Score

0.014EPSS

2021-11-11 12:00 AM
49
nessus

RHEL 8 : libreoffice (RHSA-2020:1598)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1598 advisory. libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849) libreoffice: Insufficient URL validation...

9.8CVSS

8.5AI Score

0.971EPSS

2020-11-18 12:00 AM
52
nessus

Debian DLA-1947-1 : libreoffice security update

Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics......

9.8CVSS

9.7AI Score

0.971EPSS

2019-10-07 12:00 AM
25
redhatcve

CVE-2019-19708

The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key...

6.1CVSS

3.8AI Score

0.001EPSS

2020-03-02 10:41 AM
15
redhat

(RHSA-2024:1512) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.9AI Score

0.001EPSS

2024-03-26 11:32 AM
5
nessus

RHEL 8 : glibc (RHSA-2023:5455)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5455 advisory. glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) glibc: potential use-after-free in getaddrinfo()...

7.8CVSS

8.5AI Score

0.014EPSS

2023-10-05 12:00 AM
67
nessus

RHEL 8 : glibc (RHSA-2022:0896)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0896 advisory. glibc: Off-by-one buffer overflow/underflow in getcwd() (CVE-2021-3999) glibc: Stack-based buffer overflow in svcunix_create via long...

9.8CVSS

9.7AI Score

0.009EPSS

2022-03-15 12:00 AM
115
nessus

RHEL 8 : glibc (RHSA-2020:4444)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4444 advisory. glibc: array overflow in backtrace functions for powerpc (CVE-2020-1751) glibc: use-after-free in glob() function when expanding ~user...

7CVSS

7.6AI Score

0.001EPSS

2020-11-04 12:00 AM
12
almalinux

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS

7.3AI Score

0.001EPSS

2024-03-19 12:00 AM
10
wordfence

Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1

Most of our customers scan a single site or a small number of sites for PHP malware using the Wordfence Plugin, and they coordinate scanning across multiple sites with Wordfence Central. If you are responsible for securing a large hosting provider network as part of an operations or security team,....

6.9AI Score

2024-05-22 03:00 PM
4
oraclelinux

libreoffice security update

[1:7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...

8.8CVSS

6.6AI Score

0.001EPSS

2024-03-20 12:00 AM
7
openvas

Service Detection with 'HELP' Request

This plugin performs service...

7.3AI Score

2005-11-03 12:00 AM
113
talosblog

Rounding up some of the major headlines from RSA

While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...

7.8CVSS

7.6AI Score

0.001EPSS

2024-05-16 06:00 PM
8
redhat

(RHSA-2024:1480) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.1AI Score

0.001EPSS

2024-03-25 05:30 PM
13
cvelist

CVE-2024-2646 Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-03-19 10:31 PM
1
krebs

Why Your VPN May Not Be As Secure As It Claims

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's....

6.7AI Score

2024-05-06 02:24 PM
7
malwarebytes

How to back up your iPhone to a Windows computer

They say the only backup you ever regret is the one you didn't make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you've lost, or to fix things that have failed. We've published posts on how to back up your iPhone to iCloud, and how to backup an...

7.1AI Score

2024-03-29 01:38 PM
10
talosblog

Operation Celestial Force employs mobile and desktop malware to target Indian entities

By Gi7w0rm, Asheer Malhotra and Vitor Ventura. Cisco Talos is disclosing a new malware campaign called "Operation Celestial Force" running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track...

7.2AI Score

2024-06-13 10:00 AM
2
redhat

(RHSA-2024:1514) Important: libreoffice security fix update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.9AI Score

0.001EPSS

2024-03-26 11:46 AM
21
malwarebytes

60% of small businesses are concerned about cybersecurity threats

According to a recent poll by the US Chamber of Commerce, 60% of small businesses are concerned about cybersecurity threats, and 58% are concerned about a supply chain breakdown. Not surprisingly, small businesses in the professional services sector feel significantly more concerned about...

7.4AI Score

2024-04-07 03:58 PM
11
openvas

RedHat Update for kernel RHSA-2012:0721-01

The remote host is missing an update for...

6.9AI Score

0.001EPSS

2012-06-15 12:00 AM
16
nessus

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2019-2307)

According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4...

5.3CVSS

6.2AI Score

0.001EPSS

2019-12-03 12:00 AM
15
openvas

Mageia: Security Advisory (MGASA-2024-0116)

The remote host is missing an update for...

8.8CVSS

8.8AI Score

0.001EPSS

2024-04-11 12:00 AM
4
Total number of security vulnerabilities: 11500