Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю подделывать цифровые подписи

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

Скрыть значок запуска

missing dependency on rust toolchain

Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить доступ к конфиденциальной информации

Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

No data currently available.

No data currently available.

No data currently available.

No data currently available.

Дополнительно необходимая утилита opj_decompress называется opj2_decompress в репозитории