CVE-2022-3916 Keycloak: session takeover with oidc offline refreshtokens

A flaw was found in the offlineaccess scope in Keycloak. This issue would affect users of shared computers more especially if cookies are not cleared, due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to...

Rewrite policy fail to honored when binding to NetScaler Gateway Virtual Server

When you're trying to insert some promptsto NetScaler Gateway logon page via Rewrite policy, you may find the prompts strings are not displayed even if you refresh the web page or clear all browser cache. The Rewrite policy is not honored as expected...

Use After Free

Firefox is vulnerable to Use After Free. The vulnerability exists if the Refresh Driver is destroyed at an inopportune time, which allows an attacker to cause an application crash through the memory corruption via malicious SVG image...

SUSE CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

Design/Logic Flaw

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

UBUNTU-CVE-2022-46884

A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...

WEM Service : Unable to connect to the Citrix WEM cloud connectors

Unable to refresh the cache of the WEM agent which uses proxy for Internet access Cache refresh is possible on the WEM agent with direct Internet access...

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There is vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java...

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVE-2023-4374 WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

WordPress Plugin Remote Users Sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2023-28959 · WordPress · Wp Remote Users Sync

Name of the Vulnerable Software and Affected Versions: WP Remote Users Sync plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows unauthorized access and addition of data due to a missing capability check on the refresh logs async function. This makes it possibl...

nodejs: DiffieHellman do not generate keys after setting a private key

A vulnerability has been identified in the Node.js, where a generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet...

SUSE: Security Advisory (SUSE-SU-2023:2849-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-2562

The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refreshmetabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post...

WordPress Plugin Gallery Metabox 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-34414

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...