1911 matches found
Red Hat Keycloak Security Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak, which stems from the fact that if an attacker creates two or more user sessions and then...
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
Code injection
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2023-6588
CVE-2023-6588 affects Devolutions Workspace (versions 2023.3.2.0 and earlier) where offline mode is always enabled in the Devolutions Server data source. The underlying issue allows an attacker with access to the Workspace application to access credentials while offline. The NVD entry lists a CVS...
How to install Citrix Workspace App for Windows in offline mode
An administrator can install the Citrix Workspace app for Windows offline installer for devices that don’t have internet connectivity...
Devolutions Workspace Security Breach
Devolutions Workspace is a mobile and desktop application from Devolutions Canada. A security vulnerability exists in Devolutions Workspace version 2023.3.2.0 and earlier, which stems from the fact that an attacker with privileged access to the Workspace application can access credentials while...
PT-2023-32707 · Devolutions · Devolutions Workspace
Name of the Vulnerable Software and Affected Versions: Devolutions Workspace versions 2023.3.2.0 and earlier. Description: The issue allows an attacker with access to the Workspace application to access credentials when offline, due to offline mode being always enabled, even if permission disallow...
[SECURITY] Fedora 39 Update: rust-tealdeer-1.6.1-5.fc39
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...
Fedora: Security Advisory for rust-tealdeer (FEDORA-2023-6215ea423b)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-9790b327cb)
The remote host is missing an update for the...
WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: Site Offline. Type: Plugin. Vulnerable versions: <= 1.5.6. Fixed in: 1.5.7. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2023-49190. Patch priority: Low. CVSS severity: Low (5.9). PSID: 49fa69649ba8. Credits: emad. Required privilege: Administrator...
kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circula...
kernel: drivers/perf: hisi: Don't migrate perf to the CPU going to teardown
A logic error was found in the Linux kernel's HiSilicon PCIe performance monitoring driver in the CPU offline handling path. A local user can trigger this issue during CPU hotplug operations when the driver migrates performance monitoring context, potentially selecting the CPU being torn down as...
kernel: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
A synchronization flaw was found in the Linux kernel Sleepable Read-Copy-Update (SRCU) implementation. The subsystem assumed that central processing unit (CPU) 0 was always online. On systems where CPU 0 is offline, such as crash-kernel configurations using a different boot CPU, SRCU work could be...
kernel: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
A null pointer dereference flaw was found in the Linux kernel thermal/intel_powerclamp driver. When CPU 0 is offline and the intel_powerclamp driver attempts to inject idle cycles, the code incorrectly calls smp_processor_id() preemptively, which triggers a kernel BUG. This occurs because the function...
Should you allow your browser to remember your passwords?
At Malwarebytes we've been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you're just getting started. Once...
F5 Networks BIG-IP : IPsec IKEv1 vulnerability (K42378447)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K42378447 advisory. - The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair...
CVE-2023-46289
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a...