350 matches found
ICA file not opening automatically instead it is downloading on browser on Double hop scenario
Every time an application is launched, it opens in a browser instead of the locally installed Workspace app, even though the native Workspace app is the default selection...
User unable to open ICA file - No Error Reported
When end users access their Storefront and click on the desired published resource, the ICA file is downloaded as per customer configuration but nothing happens when the ICA file is double-clicked...
SimplePHPscripts Simple Forum PHP Cross-Site Scripting Vulnerability
Simple Forum-Discussion System is a simple forum/discussion system. SimplePHPscripts A cross-site scripting vulnerability exists in Simple Forum PHP version 2.7, which stems from a problem with the file /preview.php that can lead to cross-site scripting...
PT-2023-22170 · Malwarebytes · Malwarebytes Edr
Name of the Vulnerable Software and Affected Versions: Malwarebytes EDR version 1.0.11 Description: The issue allows bypassing detection layers that rely on inode identifiers. This is possible because an identifier may be reused when a file is replaced, and two files on different filesystems can...
CVE-2023-32385
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination...
CVE-2023-32288
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution...
CVE-2022-0010 QCS 800xA Vulnerability identified in system log files
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
CVE-2023-1836
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as...
MGASA-2023-0151 Updated openimageio packages fix security vulnerability
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensiti...
PT-2023-18564 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of formula elements in a CSV file. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: For versions...
SUSE CVE-2016-10069
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames...
SUSE CVE-2017-15642
In lsx_aiff_startread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file...
SUSE CVE-2018-5684
In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault and program failure) with a crafted avi file...
SUSE CVE-2021-3933
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths...
PT-2022-14773 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: In the aud_hal_tunnel.c file, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
SUSE-SU-2022:3906-1 Security update for gstreamer-0_10-plugins-good
This update for gstreamer-0_10-plugins-good fixes the following issues: - CVE-2022-1920: Fixed an integer overflow while parsing matroska files (bsc#1201688). - CVE-2022-1921: Fixed an integer overflow while parsing avi files (bsc#1201693). - CVE-2022-1922: Fixed an integer overflow during mkv demuxing...
PT-2022-23929 · Unknown · Sourcecodester Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-Based Student Clearance System affected versions not specified Description: A critical issue has been discovered, affecting an unknown part of the file Admin/edit-admin.php. The manipulation of the id argument leads to SQL...
PT-2022-21890 · Autodesk · Autocad +1
Name of the Vulnerable Software and Affected Versions: Autodesk Design Review version 2018 AutoCAD versions 2022 through 2023 Description: A maliciously crafted GIF or JPEG file can be used to write beyond the allocated heap buffer when parsed through the affected software, potentially leading to...
PT-2022-18148 · Sourcecodester · Sourcecodester Simple E-Learning System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple E-Learning System affected versions not specified Description: A critical issue was found in the SourceCodester Simple E-Learning System, affecting an unknown function of the file comment_frame.php. The manipulation of t...
SUSE-SU-2022:2608-1 Security update for booth
This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946)...