#mac

Red Hat Product Security is pleased to announce that a new security metadata offering, the Common Security Advisory Framework (CSAF), is now available in beta form. CSAF 2.0 is the successor to the Common Vulnerability Reporting Framework (CVRF) version 1.2, and contains many enhancements to the information provided in each CSAF file. Additionally, CSAF uses the JSON format instead of the XML format used by CVRF.

This advisory contains mitigations for Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect C-More EA9 human-machine interface products.

### Impact InvenTree allows unrestricted upload of files as attachments to various database fields. Potentially dangerous files (such as HTML files containing malicious javascript) can be uploaded, and (when opened by the user) run the malicious code directly in the users browser.  *Note that the upload of malicious files must be performed by an authenticated user account* ### Solution The solution for this vulnerability is to ensure that attachment files are downloaded to the local machine before opening, rather than opening the file in the current browser context. ### Patches - The issue is addressed in the upcoming 0.8.0 release - This fix will also be back-ported to the 0.7.x branch, applied to the 0.7.2 release ### Workarounds Users can alleviate risk of opening malicious files by right-clicking on the attachment link and selecting "Save link as" ![image](https:...

Affected versions of this crate did not properly check the length of an enum when using `enum_map!` macro, trusting user-provided length. When the `LENGTH` in the `Enum` trait does not match the array length in the `EnumArray` trait, this can result in the initialization of the enum map with uninitialized types, which in turn can allow an attacker to execute arbitrary code. This problem can only occur with a manual implementation of the Enum trait, it will never occur for enums that use `#[derive(Enum)]`. Example code that triggers this vulnerability looks like this: ```rust enum E { A, B, C, } impl Enum for E { const LENGTH: usize = 2; fn from_usize(value: usize) -> E { match value { 0 => E::A, 1 => E::B, 2 => E::C, _ => unimplemented!(), } } fn into_usize(self) -> usize { self as usize } } impl<V> EnumArray<V> for E { type Array = [V; 3]; } let _map: EnumMap<E, String>...

Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the `IUnknown::QueryInterface` method. `QueryInterface` implementation must call `IUnknown::AddRef` before returning the pointer, as describe in this documentation: <https://docs.microsoft.com/en-us/windows/win32/api/unknwn/nf-unknwn-iunknown-queryinterface(refiid_void)> As it is not incrementing the refcount as expected, the following calls to `IUnknown::Release` method will cause WMI to drop reference to the interface, and can lead to invalid reference. This is documented in <https://docs.microsoft.com/en-us/windows/win32/learnwin32/managing-the-lifetime-of-an-object#reference-counting> There is no simple workaround, as you can't know how many time QueryInterface will be called. The only way to quick fix this is to use the macro expanded version of the code and modify the QueryInterface method to add the AddRef call yourself. The issue was corrected in commit `9803f...

By Owais Sultan What is VPS? VPS can be a great solution for the web presence of your business, blog, e-commerce,… This is a post from HackRead.com Read the original post: How to configure cPanel and WHM Panel on your VPS

Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length (such as a result of an impure procedural macro), this can result in the initialization of an array with uninitialized types, which in turn can allow an attacker to execute arbitrary code. The flaw was corrected in commit [d5b63f72](https://gitlab.com/KonradBorowski/array-macro/-/commit/d5b63f72090f3809c21ac28f9cfd84f12559bf7d) by making sure that array length is substituted just once.

Affected versions of this crate called some methods using auto-ref. The affected code looked like this. ```rust let mut arr = $crate::__core::mem::MaybeUninit::uninit(); let mut vec = $crate::__ArrayVec::<T>::new(arr.as_mut_ptr() as *mut T); ``` In this case, the problem is that `as_mut_ptr` is a method of `&mut MaybeUninit`, not `MaybeUninit`. This made it possible for traits to hijack the method calls in order to cause unsoundness. ```rust trait AsMutPtr<T> { fn as_mut_ptr(&self) -> *mut T; } impl<T> AsMutPtr<T> for std::mem::MaybeUninit<T> { fn as_mut_ptr(&self) -> *mut T { std::ptr::null_mut() } } array![0; 1]; ``` The flaw was corrected by explicitly referencing variables in macro body in order to avoid auto-ref.

By Owais Sultan Microsoft is a global leader in cloud storage and data protection. They prove that even the most respected… This is a post from HackRead.com Read the original post: How Data Landlords Put Their Tenants at Risk

An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption.