JLSEC-2026-104 Deno's improper suffix match testing for DENO_AUTH_TOKENS

Summary Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for example.com may be sent to notexample.com. Details authtokens.rs uses a simple endswi...

MiracleLinux 4 : krb5-1.10.3-10.AXS4.1 (AXSA:2013-280:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-280:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

Citrix Provisioning Services Target Device Displays Incorrect Windows Time

Target Devices may display the incorrect time. The Device time differs from that of the domain controllers. The symptoms can vary but include: 1. The inability to login to the Target Device 2. The Device domain Trust Relationship breaks. 3. VDA registration continues to fail...

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency NSA, the U.S. Federal Bureau of Investigation FBI, the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Japan National Police Agency NPA, and the Japan National Center of Incident Readiness and Strategy for Cybersecurity...

How to troubleshoot PVS target device domain trust issue

Since both Citrix and Microsoft and 3rd party software can initiate changing password, sometimes the TD may lose domain trust. Reset machine password from PVS console can solve the issue, but sometimes we need to find out the root cause if too many TDs lose domain trust. This article aims to give...

July 26, 2019—KB4505903 (OS Build 18362.267)

July 26, 2019—KB4505903 OS Build 18362.267 Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. For more information about the various types of Windows updates, such as critical, security, driver, service packs, etc., please see the following...

Domain Trust broken on new versions of a domain-joined layer because the computer name has changed

When creating a Platform Layer, it's normal to join it to the domain and leave it joined to the domain. When you add another version to your platform layer, you find that the Computer Name has changed, and that breaks domain trust. On the packaging machine, when you attempt to log on, you receive...

Ubiquiti Inc.: Reflected XSS

Due to the lack of sanitisation in the commend area, with a especially crafted message, is possible to execute a XSS with the "preview" function. If a draft is save, is possible to exploit this bug using as and stored-XSS. The "New Discussion" page on the Spanish and Portuguese forums have a...

Receiver pass through is failing with Storefront when we are trying to launch application across domains/forests.

We have two domains “Domain1.com" and "Domain2.com" in different forest. External two way trust relationship exists between 2 domains. XenApp and XML servers are in “Domain2.com" domain and Store front servers are in “Domain1.com" domain. Few users in "Domain1.com" domain is part of a global grou...

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames and passwords for services running under the context of a user account,...

Подключение под чужим SID между доменами Windows 2000 (privelege escalation)

При вход пользователя из доверяемого домена доверяющий домен не проверяет принадлежность SID доверяющему домену. Это позволяет использовать SID пользователя другого домена...

CVE-1999-0583

Technical details about CVE-1999-0583 are not publicly available in the provided documents. The descriptions only mention a trust relationship between Windows NT domains. Monitor for updates and additional advisories for concrete impact, affected products, and fixes.