146 matches found
SUSE-SU-2022:4201-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack by limiting the number of errors after which the connection is closed (bsc#1187685)...
SUSE-SU-2022:4192-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack by limiting the number of errors after which the connection is closed (bsc#1187685)...
Error connecting to PVS Farm with Credentials from trusted domain using Selective Trust
When connecting to the PVS Farm "localhost" with credentials from a trusted domain, an error is thrown that reads: "Error Domain Controller" and "unable to connect to the domain Controller if any or the default rootDSE. Error code: 60075030, message: Access is denied Exception from HRESULT:...
CWA for Android: We were unable to tunnel through the proxy
The viewer of CWA for Android fails to establish a connection to the VDA with the following error message: "We were unable to connect through the proxy. Error - 0". Logs show the following errors: 02-10 05:44:55.989 1117 28821 W System.err: Caused by: android.system.GaiException: androidgetaddrinfo failed: EAINODA...
CVE-2022-31098 Weave GitOps leaked cluster credentials into logs on connection errors
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of...
Weave GitOps leaked cluster credentials into logs on connection errors
Impact: A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster...
PVS Wizard fails to connect to Cloud
In the process of using a PVS Wizard, after entering your credentials to connect to Citrix Cloud, you might see this error: "Cannot connect to the Citrix Virtual Desktops Controller at : Citrix Virtual Desktops FullAdmin or MachineAdmin permission required." Following the below steps 1. If Remote...
CWA for Mac 2203: Random Session disconnects
CWA for Mac will disconnect a session at random. Auto connect-back will also fail. SSL connection error - "status 43" will be reported in Citrix Viewer logs | 03-16-2022 | 10:17:48.817 | 2724 | 5 | sslasock.c | 1359 | SSLDecryptPacket | TCTD | TTERROR | doDecryptData failed. status: 43 | 03-16-20...
Attendance and Payroll System v1.0 - Remote Code Execution Exploit
Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux, MySQL, Apache import...
Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...
SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue results from...
Unable to Logon to Workspace Application externally, throws error "Unable to connect to the server"
Unable to connect to the server on Citrix workspace client when logging into it. It throws an error "unable to connect to the server". This happens on the Citrix Workspace app. However, when we use the workspace URL on the browser, then, we can authenticate successfully and also launch...
Unable to integrate Azure Active Directory as IDP directly on CEM
While performing AAD integration in the CEM console, it shows an error stating 'Your IDP settings could not be saved. The connection failed. Please review the information you entered.' We do not see any errors in the CEM logs for the above issue...
Secure Hub shows an error and fails to connect after upgrading to a fixed firmware build to address CVE-2020-8299/CVE-2020-8300
Secure Hub shows an error and fails to connect after upgrading to a fixed firmware build to address CVE-2020-8299/CVE-2020-8300. Users can no longer log in to Secure Hub or, if already logged in, cannot refresh policies...
Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit
Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link: https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ur username : "...
CVE-2021-24029
A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit...
Session fixation
A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit...
CVE-2021-24029
Summary of CVE-2021-24029 (mvfst/proxygen): A specially crafted QUIC message can trigger a crash via a failed assertion in mvfst, treated as a connection error per QUIC spec. The issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to ...
Getting "Your account cannot be added using this server address" error when VPN Session policy is configured with CLASSIC EXPRESSION and bound under AAA User/Group
A user who tries to connect to the Citrix Gateway Vserver from Citrix Workspace gets the error "Your account cannot be added using this server address" when the VPN Session policy for Citrix Receiver is configured with CLASSIC EXPRESSION and bound under AAA User/Group, as shown below. No issue occurs through W...
wildfly: resource adapter logs plaintext JMS password at warning level on connection error
A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs, allowing any user who has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data...