635 matches found
[SECURITY] Fedora 36 Update: kitty-0.26.3-2.fc36
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics images, unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...
[SECURITY] Fedora 37 Update: kitty-0.26.3-2.fc37
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics images, unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...
Jodit Editor cross-site scripting vulnerability
A cross-site scripting vulnerability exists in Jodit Editor versions 3.0.0 through 3.20.4, due to a lack of effective filtering and escaping of user-supplied data when pasting specially constructed input. An attacker could use this vulnerability to launch a cross-site scripting attack...
slack-morphism-hyper (>=0.10.0 <=0.40.0), slack-paste (=0.1.0) potentially affected by CVE-2022-31162 via slack-morphism (>=0.10.0 <=0.40.0)
slack-morphism CARGO version =0.10.0, =0.10.0, =0.40.0 - slack-paste =0.1.0 Source cves: CVE-2022-31162 Source advisory: OSV:RUSTSEC-2022-0086...
slack-morphism-hyper (>=0.10.0 <=0.40.0), slack-paste (=0.1.0) potentially affected by CVE-2022-31162 via slack-morphism (>=0.10.0 <=0.40.0)
slack-morphism CARGO version =0.10.0, =0.10.0, =0.40.0 - slack-paste =0.1.0 Source cves: CVE-2022-31162 Source advisory: OSV:GHSA-99J7-MHFH-W84P...
MAL-2022-4091 Malicious code in k-paste (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a6b12ef2387a7c507563af7c5478f0d551db852a6ecca091066addfac40414d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in k-paste (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a6b12ef2387a7c507563af7c5478f0d551db852a6ecca091066addfac40414d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6692 Malicious code in twilio-paste (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93d06a5f6a7270e3d9452e95cf9918a22f7b3f0329e7edba41c19eb676778142 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in twilio-paste (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 93d06a5f6a7270e3d9452e95cf9918a22f7b3f0329e7edba41c19eb676778142 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-7GFC-2V6G-6W9F Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2)...
Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
GHSA-27PX-QPMJ-QG38 Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
GHSA-7F2C-VP52-GMFW OpenStack keystonemiddleware does not verify certificate
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct...
April 25, 2022—KB5011831 (OS Builds 19042.1682, 19043.1682, and 19044.1682) Preview
April 25, 2022—KB5011831 OS Builds 19042.1682, 19043.1682, and 19044.1682 Preview 3/15/22 IMPORTANT Windows 10, version 20H2 will reach end of service on May 10, 2022 for devices running the Home, Pro, Pro Education, and Pro for Workstations editions. After May 10, 2022, these devices will no...
Description of the security update for SharePoint Server 2019: April 12, 2022 (KB5002180)
Description of the security update for SharePoint Server 2019: April 12, 2022 KB5002180 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-24472. Note: To...
RocketChat LiveChat cross-site scripting vulnerability
RocketChat LiveChat is a small, lightweight application from RocketChat Inc. designed to provide B2C (business-to-customer) communication between agents and website visitors. A cross-site scripting vulnerability exists in RocketChat LiveChat versions prior to 1.9, which can be exploited by an...
CWA for Chrome: Unable to copy-paste cells from Published Excel App to Google sheets opened locally
When you copy multiple cell values from Excel App via ICA to Google Sheets accessed from Local PC the values fail to get pasted to Google Sheets...
vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c
A flaw was found in vim. The vulnerability occurs due to illegal memory access with bracketed paste in Ex mode and leads to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...
Android Enterprise: Allow cross file copy and paste policy not working as expected after Citrix Endpoint Management upgraded to 22.2.0 (or later).
Customers whose restriction policy setting "Allow cross file copy and paste" is not working as expected after Citrix Endpoint Management (CEM) upgraded to 22.2.0 or later release...