3796 matches found
Magento XML Injection vulnerability in the Widgets Update Layout
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
GHSA-8CJG-F53M-8M9Q Magento XML Injection vulnerability in the Widgets Update Layout
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
Input validation
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...
Keyboard layout sync failures due to Microsoft API limitation
Symptom 1: In a Windows Server VDA session the keyboard layout might not sync with the client keyboard layout when launching session with the "Sync only once - when the session launches" in the Citrix Workspace App Windows/Linux/Mac keyboard setting. Symptom 2: In a Windows 10/11, Windows Server...
Malicious code in crcloud-layout (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2872c6473427534afbbcbe64c7af6c4d0ec7259992ce2122f13e14a6e6f20c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1515 Malicious code in crcloud-layout (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b2872c6473427534afbbcbe64c7af6c4d0ec7259992ce2122f13e14a6e6f20c2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OPENSUSE-SU-2023:0230-1 Security update for opensuse-welcome
This update for opensuse-welcome fixes the following issues: - CVE-2023-32184: Fixed possible security issues when using the feature to change the Xfce desktop layout, caused by a fixed temporary file path used in /tmp/layout boo1213708...
Security update for opensuse-welcome (moderate)
openSUSE Security Update: Security update for opensuse-welcome Announcement ID: openSUSE-SU-2023:0230-1 Rating: moderate References: 1213708 Cross-References: CVE-2023-32184 Affected Products: openSUSE Backports SLE-15-SP4 An update that fixes one vulnerability is now available. Description: This...
Advisory ROSA-SA-2023-2217
Software: libmicrohttpd 0.9.76 OS: ROSA-CHROME packageevrstring: libmicrohttpd-0.9.76-1.src.rpm CVE-ID: CVE-2023-27371 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: GNU libmicrohttpd before version 0.9.76 allowed remote DoS denial of service due to improper multipart/form-data boundary parsing in the...
SUSE CVE-2023-32184
A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...
PT-2023-5399 · Unknown +1 · Opensuse-Welcome +1
Name of the Vulnerable Software and Affected Versions: opensuse-welcome versions 0.1 through 0.1.9+git.35.4b9444a Description: A local attacker can execute code as the user that runs opensuse-welcome if a custom layout is chosen, due to an Insecure Storage of Sensitive Information vulnerability...
The vulnerability of the XML component of the Google Chrome browser allows a hacker to bypass the ASLR protection mechanism.
The vulnerability of the Google Chrome XML browser component is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass the ASLR protection mechanism by using a specially created HTML page...
CVE-2023-38239
Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
CVE-2023-38235
Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
CVE-2023-38238
Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requir...
n00b’s guide to DEF CON. Surviving the Matrix of the underground
Ah, DEF CON. The worlds largest hacker convention. A beacon for the diverse spectrum of cyber security enthusiasts. From code-cracking challenges to the infamous Wall of Sheep, the event is a hive of activities and opportunities. But before we dive into the world of hackerdom, lets get one thing...
FollowNFT storage collision
Lines of code Vulnerability details Impact The lastFollowTokenId of FollowNFT contract has a storage collision. V2.0 storage layout: | lastFollowTokenId | uint128 | 17 | 0 | 16 | contracts/FollowNFT.sol:FollowNFT | | followerCount | uint128 | 17 | 16 | 16 | contracts/FollowNFT.sol:FollowNFT |...
The vulnerability of Adobe InDesign’s computer design automation tool, related to reading data outside the buffer in memory, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Adobe InDesign’s computer design automation tool, related to reading data outside the buffer in memory, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Adobe InDesign’s computer design automation tool, related to reading data outside the buffer in memory, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...