#mac

### Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users, including the following: - `/api/graphql/` (1) - `/api/users/users/session/` (Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes are enabled on this Nautobot instance) - `/dcim/racks/<uuid:pk>/dynamic-groups/` (1) - `/dcim/devices/<uuid:pk>/dynamic-groups/` (1) - `/extras/job-results/<uuid:pk>/log-table/` - `/extras/secrets/provider/<str:provider_slug>/form/` (the only information exposed to an anonymous user is the fact that a secrets provider with the given slug (e.g. `environment-variable` or `text-file`) is supported by this Nautobot instance) - `/ipam/prefixes/<uuid:pk>/dynamic-groups/` (1) - `/ipam/ip-addresses/<uuid:pk>/dynamic-groups/` (1) - `/virtualization/clusters/<uuid:pk>/dynamic-groups/` (1) - `/virtualization/virtual-machines/<uuid:pk>/dynamic-groups/` (1) (1) These endpoints will not discl...

### Summary The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. ### Details `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction.

### Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code [subject to the restrictive security permissions documented here](https://wp-crontrol.com/docs/php-cron-events/). While there is _no known vulnerability in this feature on its own_, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met: * The site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core * The site's database is compromised at the hosting level * The site is vulnerable to a method of updating arbitrary options in the `wp_options` table * The site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters ### Patches As a hardening measure, WP...

### Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. ### Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. ### Workarounds Forbid inputs containing any of the characters `₊₋₌₍₎₀₁₂₃₄₅₆₇₈₉ₐₑₕᵢⱼₖₗₘₙₒₚᵣₛₜᵤᵥₓᵦᵧᵨᵩᵪ⁺⁻⁼⁽⁾⁰¹²³⁴⁵⁶⁷⁸⁹ᵃᵇᶜᵈᵉᵍʰⁱʲᵏˡᵐⁿᵒᵖʳˢᵗᵘʷˣʸᶻᵛᵝᵞᵟᵠᵡ` before passing them to KaTeX. (There is no easy workaround for the auto-render extension.) ### Details KaTeX supports an option named `maxExpand` which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, [support for "Unicode (sub|super)script characters"](https://github.com/KaTeX/...

### Impact KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. ### Patches Upgrade to KaTeX v0.16.10 to remove this vulnerability. ### Workarounds Forbid inputs containing the substring `"\\edef"` before passing them to KaTeX. (There is no easy workaround for the auto-render extension.) ### Details KaTeX supports an option named `maxExpand` which prevents infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. However, what counted as an "expansion" is a single macro expanding to any number of tokens. The expand-and-define TeX command `\edef` can be used to build up an exponential number of tokens using ...

subprocess call with shell=True identified, security issue. #### Code On file [src/ansys/geometry/core/connection/product_instance.py](https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428): ``` 403 def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen: 404 """ 405 Start the program where the path is the first item of the ``args`` array argument. 406 407 Parameters 408 ---------- 409 args : List[str] 410 List of arguments to be passed to the program. The first list's item shall 411 be the program path. 412 local_env : Dict[str,str] 413 Environment variables to be passed to the program. 414 415 Returns 416 ------- 417 subprocess.Popen 418 The subprocess object. 419 """ 420 return subprocess.Popen( 421 args, 422 shell=os.name != "nt", 423 stdin=subprocess.DEVN...

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

This week on the Lock and Code podcast, we speak with Carey Parker about the importance and the process of securing your home network.

Three things you could learn from the cyber incident review produced by the British Library following its October ransomware attack.

By Deeba Ahmed New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com Read the original post: New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location