Tag
Password vault vendor accused of making a hash of encryption
The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.
An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3140: libreoffice: Macro URL arbitrary script execution * CVE-2022-26305: libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation * CVE-2022-26306: libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password * CVE-2022-26307: libreoffice: Weak Master Keys
Use threat intelligence to reduce chance of success for malicious insider and Dark Web threats.
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.)
** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Debian Linux Security Advisory 5323-1 - It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.
Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root.