Ubuntu 23.04 / 23.10 : LibreOffice vulnerabilities (USN-6546-1)
The remote Ubuntu 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6546-1 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
8.8 CVSS
9.3 AI Score
0.001 EPSS
Oracle Linux 9 : libreoffice (ELSA-2024-1427)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1427 advisory. Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In...
8.8 CVSS
9.3 AI Score
0.001 EPSS
RHEL 9 : glibc (RHSA-2024:3339)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3339 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...
8.2 AI Score
0.0005 EPSS
The sliding doors of misinformation that come with AI-generated search results
As someone who used to think that his entire livelihood would come from writing, I've long wondered if any sort of computer or AI could replace my essential functions at work. For now, it seems there are enough holes in AI-generated language that my ability to write down a complete, accurate and...
7.2 AI Score
Oracle Linux 8 : libreoffice (ELSA-2024-1514)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1514 advisory. Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In...
8.8 CVSS
9.3 AI Score
0.001 EPSS
AlmaLinux 9 : libreoffice (ALSA-2024:1427)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1427 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
8.8 CVSS
9.3 AI Score
0.001 EPSS
RHEL 8 : glibc (RHSA-2024:3309)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3309 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...
8.9 AI Score
0.0005 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through...
8.8 CVSS
8.6 AI Score
0.001 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through...
8.8 CVSS
0.001 EPSS
openSUSE Security Update : LibreOffice and dependency libraries (openSUSE-2019-912)
This update for LibreOffice, libepubgen, liblangtag, libmwaw, libnumbertext, libstaroffice, libwps, myspell-dictionaries, xmlsec1 fixes the following issues : LibreOffice was updated to 6.1.3.2 (fate#326624) and contains new features and lots of bugfixes : The full changelog can be found on :...
7.5 CVSS
6.9 AI Score
0.171 EPSS
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1682)
The remote host is missing an update for the Huawei...
7.5 CVSS
6.7 AI Score
0.001 EPSS
Watch out for tech support scams lurking in sponsored search results
This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored"....
7.2 AI Score
Important: libreoffice security fix update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
8.8 CVSS
7.5 AI Score
0.001 EPSS
RHEL 8 : glibc (RHSA-2024:3312)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3312 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...
8.1 AI Score
0.0005 EPSS
RHEL 8 : glibc (RHSA-2024:3344)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3344 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the...
8.1 AI Score
0.0004 EPSS
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...
7 AI Score
RHEL 8 : glibc (RHSA-2024:3269)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3269 advisory. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name...
7.1 AI Score
0.0005 EPSS
Rocky Linux 8 : libreoffice (RLSA-2024:1514)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1514 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...
8.8 CVSS
9.3 AI Score
0.001 EPSS
We are excited to share some updates on our Bug Bounty Program today! It has been over six months since the launch of our program, during which we've awarded approximately $242,000 in bounties. Since then, our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed...
7.1 AI Score
Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...
6.7 AI Score
Determine OS and list of installed packages via SSH login
This script will, if given a userid/password or key to the remote system, login to that system, determine the OS it is running, and for supported systems, extract the list of installed...
7.3 AI Score
F5 Networks BIG-IP : BIG-IP VE vulnerability (K53442005)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K53442005 advisory. On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and...
5.3 CVSS
5.7 AI Score
0.001 EPSS
Cybersecurity in the SMB space — a growing threat
Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....
7.3 AI Score
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.1 AI Score
AlmaLinux 8 : glibc (ALSA-2024:2722)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
7.7 AI Score
0.0005 EPSS
Oracle Linux 8 : glibc (ELSA-2024-2722)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to...
7.4 AI Score
0.0005 EPSS
Debian DSA-4483-1 : libreoffice - security update
Two security issues have been discovered in LibreOffice : CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet...
9.8 CVSS
8.6 AI Score
0.217 EPSS
Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...
6.9 AI Score
How we can separate botnets from the malware operations that rely on them
As I covered in last week's newsletter, law enforcement agencies from around the globe have been touting recent botnet disruptions affecting the likes of some of the largest threat actors and malware families. Operation Endgame, which Europol touted as the "largest ever operation against botnets,"....
7.1 AI Score
openSUSE Security Update : libreoffice (openSUSE-2019-2057)
This update for libreoffice fixes the following issues : Security issues fixed : CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). CVE-2019-9851: Fixed LibreLogo...
9.8 CVSS
8.1 AI Score
0.971 EPSS
Rocky Linux 8 : glibc (RLSA-2024:2722)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:2722 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...
7.6 AI Score
0.0005 EPSS
Trusted relationship attacks: trust, but verify
IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...
7.8 AI Score
Exploit for Missing Authentication for Critical Function in F5 Big-Ip Access Policy Manager
CVE-2022-1388 RCE, Reverse Shell, and Auto-Export PCAP --...
9.8 CVSS
-0.1 AI Score
0.975 EPSS
RHEL 7 : libreoffice (RHSA-2018:0418)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0418 advisory. libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871) Note that Nessus has not tested for this issue...
9.8 CVSS
9.4 AI Score
0.593 EPSS
RHEL 6 : libreoffice (RHSA-2012:1135)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1135 advisory. openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code (CVE-2012-2665) Note that Nessus...
6.6 AI Score
0.041 EPSS
libreoffice security fix update
[6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...
8.8 CVSS
6.6 AI Score
0.001 EPSS
This plugin attempts to determine the presence of various common dirs on the remote web...
9.9 CVSS
8.1 AI Score
0.975 EPSS
Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20190806)
Security Fix(es) : libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning...
9.8 CVSS
9 AI Score
0.964 EPSS
libreoffice security fix update
An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LibreOffice is an open source, community-developed office productivity...
8.8 CVSS
7.5 AI Score
0.001 EPSS
Amazon Linux 2 : glibc (ALAS-2024-2521)
The version of glibc installed on the remote host is prior to 2.26-64. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2521 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes...
6.8 AI Score
0.0005 EPSS
Cisco Talos is delighted to share updates about our ongoing partnership with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to combat cybersecurity threats facing civil society organizations. Talos has partnered with CISA on several initiatives through the Joint Cyber Defense...
7.4 AI Score
Debian DSA-4501-1 : libreoffice - security update
It was discovered that the code fixes to address CVE-2018-16858 and CVE-2019-9848 were not...
9.8 CVSS
9.4 AI Score
0.971 EPSS
Rethinking Democracy for the Age of AI
There is a lot written about technology's threats to democracy. Polarization. Artificial intelligence. The concentration of wealth and power. I have a more general story: The political and economic systems of governance that were created in the mid-18th century are poorly suited for the 21st...
6.4 AI Score
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to...
7 AI Score
CentOS 9 : libreoffice-7.1.8.1-11.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an...
7.8 CVSS
6.6 AI Score
0.001 EPSS