Citrix uberAgent Security Bulletin for CVE-2024-6677
Description of Problem A vulnerability has been discovered in Citrix uberAgent, which, if exploited, may result in the escalation of privileges of the attacker. Affected Versions: The following supported versions of Citrix uberAgent are affected by the vulnerability: Citrix uberAgent before 7.2.1...
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
GHSA-GWP4-MCV4-W95J jwcrypto token substitution can lead to authentication bypass
The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received : "Under certain circumstances, it is possible to substitute a .. signed JWS with a JWE that...
Default credentials
In M-Files Server product with versions before 21.11.10775.0, enabling logging of Federated authentication to event log wrote sensitive information to log. Mitigating factors are logging is disabled by default...
Citrix Secure Mail for Android Security Update
Description of Problem: Vulnerabilities have been discovered in Citrix Secure Mail for Android that could allow unauthorised access to data within Citrix Secure Mail. These vulnerabilities have the following identifiers: CVE ID | Description | Vulnerability Type | Pre-conditions; CVE-2020-8274 | ...
Citrix Virtual Apps and Desktops Security Update
Description of Problem: Vulnerabilities have been identified in Citrix Virtual Apps and Desktops that could, if exploited, result in: An authenticated user of a multi-session Windows VDA, who has been granted permission to write to the c:\ root directory, being able to escalate their privilege level on that...
CVE-2019-11634 - Remote Code Execution Vulnerability in Citrix Workspace app and Receiver for Windows
Description of Problem: A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced, allowing an attacker read/write access to the client's local drives, which could enable code execution on the client...
CVE-2019-13609 - CRLF Vulnerability in Citrix License Server for Windows and VPX
Description of Problem: A Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or modify license server data of an existing...
Potential Command Injection in hubot-scripts
Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerability in the hubot-scripts/package/src/scripts/email.coffee module. Mitigating Factors: The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts. Recommendation...
GHSA-HWCH-749C-RV63 Potential Command Injection in hubot-scripts
Versions 2.4.3 and earlier of hubot-scripts are vulnerable to a command injection vulnerability in the hubot-scripts/package/src/scripts/email.coffee module. Mitigating Factors: The email script is not enabled by default; it has to be manually added to hubot's list of loaded scripts. Recommendation...
Authentication Bypass Vulnerability in the Management Interface of Citrix Application Delivery Controller and Citrix Gateway
Description of Problem: A vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, that, if exploited, could allow an attacker with access to the management...
EU Cookie Law < 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS)
By exploiting the documented vulnerability, an authenticated attacker with high privileges (administrator) can execute JavaScript code in a victim's browser. By default, in WordPress, administrator users are allowed to inject JavaScript as they have the unfiltered_html capability. The affected form...
Citrix Hypervisor Security Update.
Description of Problem: A vulnerability has been found in Citrix Hypervisor (formerly Citrix XenServer) that may allow an unauthenticated attacker with the ability to send traffic to a host over a management or storage network to cause the host to crash. This vulnerability is identified as: •...
Directory Traversal in lactate
A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has acce...
Citrix XenServer Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (CTX2251995)
The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by microarchitectural data sampling speculative side-channel vulnerabilities. These vulnerabilities may allow a local attacker on a guest machine to sample the contents of memory...
Microsoft Zero-Day Patch for JET Bug Incomplete, Claims Firm
UPDATE Microsoft patched a zero-day in its JET Database Engine this week – but the patch was incomplete, according to researchers at 0patch. The company has developed a micropatch that corrects that hole, it said Friday. The memory corruption vulnerability CVE-2018-8423 could allow remote...
Citrix XenServer Multiple Security Updates
Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow malicious code running in a PV guest VM to compromise the host and malicious privileged code running in an HVM guest VM to crash the host. These vulnerabilities affect all currently...
Citrix XenServer Multiple Security Updates
Description of Problem A number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and, for some XenServer versions, allow a remote attacker to compromise the host. The following vulnerabilities...
Paragon Initiative Enterprises: Airship: Persistent XSS via Comment
Affected: Airship 2.0.0 commit 15bdc0d. CVSS: Medium 6.1 (https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Description: The "name" field of a comment on a blog post is vulnerable to persistent XSS. When replying to a comment, the comment name is...