Receiver for Chromebook Users Cannot Log On to Access Gateway Enterprise Edition
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. Users running the Receiver for Chromebook 1.0 cannot log on to Access Gateway Enterprise Edition...
CVE-2021-3513
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality...
CVE-2021-24232 Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)
The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue...
Information disclosure
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...
Mac Receiver Launches Application and Closes Abruptly
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. User is unable to log on from a MacBook using the Citrix Receiver for Mac. The session opens and...
Atlassian Jira Server & Data Center Security Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia, Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is a security vulnerability that could be...
Code injection
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message...
Citrix PVS: Target Devices giving error message "login request timed out" after Power Outage
After an interruption in service, some target devices are giving an error "login request timed out"...
GitLab EE Information Disclosure Vulnerability (CNVD-2021-22909)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is GitLab Enterprise Edition. GitLab EE has an information disclosure vulnerability. The...
"Http/1.1 Internal Server Error 43531" when accessing Citrix Gateway after upgrading to version 13.0
Users will get the error "Http/1.1 Internal Server Error 43531" The ns.log will give error as below: Dec 23 14:52:26 , aaainfo flags 11 flags2 0, new webview 0, sess flags2 0, flags3 0 flags4 400 ssoDomain , ssoUsername: , ssoUsername2: " Dec 23 14:52:26 XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT...
PT-2021-14884 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.4 and later Description: An issue was identified that leaked internal IP address via error messages. Recommendations: For GitLab EE versions 13.4 and later, at the moment, there is no information about a newer version th...
SAML + LDAP using Nfactor gives error "You are not allowed to login. Please contact your administrator"
After hitting Netscaler for login, you are redirected to SAML and successfully log in. Afterwards, you are redirected back to Netscaler and receive the error "You are not allowed to login. Please contact your administrator"...
Unable to Open Attachment in SecureMail More Than Certain Size
When attempting to open an attachment in Secure Mail which is greater than 'x' MB, it fails to open. The following error appears: "Sorry. There was a problem downloading this file". Example: an attachment of 10 MB or greater fails to open. However, an attachment of 9 MB or smaller opens without any is...
Exploit for Generation of Error Message Containing Sensitive Information in Zohocorp Manageengine_Servicedesk_Plus_Msp
Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User...
HackerOne: Used email confirmation link reveals the email address which is tied to it
Summary: If an attacker finds a used email confirmation link (the token is in the URL), s/he will be able to see the email address which is tied to the confirmation link ID. The attack itself is pretty unlikely but the application should show the generic error message like The confirmation ID is invali...
SUSE-SU-2021:0771-1 Security update for crmsh
This update for crmsh fixes the following issues: - Update to version 3.0.4+git.1614156978.4c1dc46d: Fix: hbreport: walk through hbreport process under hacluster (CVE-2020-35459, bsc1179999; CVE-2021-3020, bsc1180571) Fix: bootstrap: setup authorized ssh access for hacluster (CVE-2020-35459, bsc117999...
Cross-site Scripting (XSS)
github.com/argoproj/argo-cd is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via a malicious error message...
CVE-2021-23347
The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 before 1.8.6, is vulnerable to Cross-site Scripting (XSS). The SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user...
IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2021-11355)
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. A remote attacker could explo...
'/WEB-INf./' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...