400 matches found
The vulnerability of the application access control library in the SAP XS Advanced sap/xssec development, integration, and application extension platform in the SAP Business Technology Platform (BTP) environment arises from insecure management of privileges. This allows attackers to escalate their privileges.
The vulnerability of the application access control library in the SAP XS Advanced sap/xssec development, integration, and application extension platform in the SAP Business Technology Platform BTP environment is related to insecure management of privileges. Exploiting this vulnerability can allo...
How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound impa...
CVE-2023-49345
Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
Apple macOS Ventura Security Vulnerability
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.6.3, which stems from an application that may be able to access sensitive user data...
CVE-2023-49443
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...
Microsoft Incident Response lessons on preventing cloud identity compromise
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access t...
Apple macOS Log Information Disclosure Vulnerability
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14.1, which stems from an application that may be able to access sensitive user data...
Information disclosure
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the...
CVE-2023-41088 Cleartext Transmission of Sensitive Information in DEXMA DEXGate
The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the...
Login using Okta shows the message "It doesn't look like you have any apps/desktops"
When Okta authentication is used to login for Citrix Cloud, user don't see application or desktop. Instead they get the message: "It doesn't look like you have any apps/desktops"...
Workspace error "Your account cannot be added using this mail address" or "Cannot contact store"
When attempting to add account with NetScaler Gateway FQDN on Windows Workspace, users encounter below error message: "Your account cannot be added using this email address." Or "Your apps are not available at this time. Please try again in few minutes or contact your help desk with this...
CVE-2023-35683
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Apple macOS Ventura 安全漏洞
Apple macOS Ventura is a desktop operating system by Apple Inc. A security vulnerability exists in Apple macOS Ventura, which originates from an application that may be able to modify protected portions of the file system...
CVE-2023-3638 GeoVision GV-ADR2701 Improper Authentication
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application...
ADC LB VIP sending Reset with code 9872
1. Application was being accessed through the LB vServer and it was not loading 2.nstrace taken on the ADC showedRST flag:0x014 sent by VIP to the client in response to almost every GET request sent by the client. 3. ADC was sending RST with window size 9872 which means Websocket upgrade request...
Apple macOS Ventura 安全漏洞
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura that originates from an application that may be able to modify protected portions of the file system...
Apple macOS Ventura 安全漏洞
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.4, which stems from an application that may be able to modify protected portions of the file system...
Apple macOS Ventura 安全漏洞
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.4, which stems from an application that may be able to read sensitive location information...
OpenEMR Access Control Error Vulnerability (CNVD-2023-40910)
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An Access Control Error vulnerability exists in OpenEMR versions prior to 7.0.1,...
PT-2023-2925
Name of the Vulnerable Software and Affected Versions Weaver e-cology versions up to 9.0 Description A problematic vulnerability was found in the RequestInfoByXml function of the API component, leading to xml external entity reference. This issue is related to incorrect restriction of XML links t...