
206 matches found

OSV
added 2024/06/15 12:0 a.m., 4 views

OPENSUSE-SU-2024:11454-1 texlive-simplified-latex-2021.186.svn20620-50.3 on GA media

These are all security issues fixed in the texlive-simplified-latex-2021.186.svn20620-50.3 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 7.2 AI score, 0.07146 EPSS
Exploits 1, References 1
Citrix
added 2023/08/28 12:0 a.m., 7 views

Keyboard layout sync failures due to Microsoft API limitation

Symptom 1: In a Windows Server VDA session the keyboard layout might not sync with the client keyboard layout when launching session with the "Sync only once - when the session launches" in the Citrix Workspace App Windows/Linux/Mac keyboard setting. Symptom 2: In a Windows 10/11, Windows Server...

7 AI score
Exploits 0
Talos Blog
added 2023/07/11 5:4 p.m., 33 views

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...

7.3 AI score
Exploits 0
OSV
added 2023/04/18 2:15 p.m., 3 views

CVE-2022-44632

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions...

4.8 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits 0, References 1
CVE
added 2023/04/18 1:18 p.m., 43 views

CVE-2022-44632

CVE-2022-44632 affects the WordPress plugin Denis Buka Content Repeater – Custom Posts Simplified (components: WordPress plugin; vulnerable versions: ≤ 1.1.13). The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. The root cause is no...

4.8 CVSS, 4.8 AI score, 0.00392 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2023/04/18 12:0 a.m., 2 views

WordPress Plugin Denis Buka Content Repeater – Custom Posts Simplified Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

4.8 CVSS, 4.9 AI score, 0.00392 EPSS
Exploits 0, References 2
Microsoft Secure
added 2023/03/23 4:0 p.m., 27 views

Microsoft continues to innovate to help secure small businesses

Small and medium-sized businesses are at the heart of our economy and are dedicated to driving value for their customers, whether that means trying new recipes, exploring new inventory, expanding services, arranging the shop so it’s easier to navigate, or keeping the shelves stocked with the...

6.2 AI score
Exploits 0
SUSE CVE
added 2023/02/15 5:7 a.m., 3 views

SUSE CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related...

8.8 CVSS, 9.7 AI score, 0.02573 EPSS
Exploits 0, References 7
OSV
added 2023/02/13 5:15 a.m., 2 views

CVE-2022-48323

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

9.8 CVSS, 6 AI score, 0.56787 EPSS
Exploits 1, References 3
NVD
added 2023/02/13 5:15 a.m., 13 views

CVE-2022-48323

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

9.8 CVSS, 9.7 AI score, 0.56787 EPSS
Exploits 1, References 3
Prion
added 2023/02/13 5:15 a.m., 14 views

Path traversal

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

7.5 CVSS, 9.6 AI score, 0.56787 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2023/02/13 12:0 a.m., 19 views

CVE-2022-48323

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

9.8 AI score, 0.56787 EPSS
Exploits 1, References 3
CVE
added 2023/02/13 12:0 a.m., 48 views

CVE-2022-48323

Sunlogin Sunflower Simplified (Sunflower Simple/Personal) 1.0.1.43315 is vulnerable to a path traversal that enables remote code execution. A remote, unauthenticated attacker can exploit HTTP requests (e.g., /check?cmd=ping../) to run arbitrary programs on the victim host. The Nuclei template con...

9.8 CVSS, 9.5 AI score, 0.56787 EPSS
Exploits 1, References 3, Affected Software 1
VulnCheck KEV
added 2023/02/06 12:0 a.m., 2 views

VulnCheck KEV: CVE-2022-48323

Sunlogin Sunflower Simplified aka Sunflower Simple and Personal 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the...

9.8 CVSS, 7.5 AI score, 0.56787 EPSS
Exploits 1, References 1
Code423n4
added 2023/01/19 12:0 a.m., 5 views

Potential issue with Vault.deposit function

Lines of code Vulnerability details Impact Contract Vault is a private vault which only allows the owner also the strategist to deposit. However, Vault.deposit uses an unnecessary complicated logic requires.allowListmsg.sender && receiver == owner; to allow only owner to deposit actually the...

6.9 AI score
Exploits 0
Microsoft Malware Protection
added 2022/12/15 5:0 p.m., 21 views

Do more with less with Microsoft Security—3 strategies to get you started

Relentless bad actors, evolving attack tactics, and numerous surfaces and endpoints that attackers may try to exploit. With the average cost of a data breach reaching an all-time high of USD4.35 million in 2022, protecting your people and data from adversaries is more important than ever. Plus,...

6.9 AI score
Exploits 0
Fedora
added 2022/12/03 2:3 a.m., 25 views

[SECURITY] Fedora 37 Update: librime-1.7.3-3.fc37

Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...

5.4 CVSS, 2.7 AI score, 0.00852 EPSS
Exploits 0
The Hacker News
added 2022/10/13 12:17 p.m., 96 views

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...

7.8 CVSS, 1.4 AI score, 0.94921 EPSS
Exploits 151
Openbugbounty
added 2022/07/28 10:55 a.m., 19 views

simplifiedmarketingsolutions.ca Cross Site Scripting vulnerability OBB-2819130

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Information Security Automation
added 2021/11/30 8:30 p.m., 177 views

Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021

Hello everyone! In this episode I want to highlight the latest changes in my Vulristics project. For those who don't know, this is a utility for prioritizing CVE vulnerabilities based on data from various sources. Currently Microsoft, NVD, Vulners, AttackerKB. Command Line Interface I started...

7.1 CVSS, 8.2 AI score, 0.90388 EPSS
Exploits 10