AZL-35443 CVE-2023-48795 affecting package node-problem-detector for versions less than 0.8.20-2
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
CVE-2023-3283
The connected Palo Alto advisory PA-CVE-2023-6789 details a stored XSS vulnerability in PAN-OS web interface. It allows a malicious authenticated read-write administrator to store a JavaScript payload via the web interface, which executes when viewed by an authenticated administrator, proxying al...
Failed to access "app configuration" in webstudio
Cannot configure "App Configuration" in Citrix DaaS. When clicking on this feature, it redirects to the main page...
CVE-2023-37366
CVE-2023-37366 is a DoS flaw affecting Google Pixel cellular baseband/modem components. Public details from Pixel security bulletin map it to a DoS issue for Pixel devices (2023-12 patch level). An OSV entry confirms a root cause in cd_parseMsg of cd_codec.c where improper input validation can ca...
Information disclosure
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284 Command substitution output can trigger shell expansion in fish shell
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-6396
GitLab CE/EE is affected by CVE-2023-6396 due to XSS and ReDoS in Markdown via the Banzai pipeline when a member has admin_group_member permission, potentially allowing escalation (e.g., adding members with higher roles) and exposure of internal project details. The issue is tied to a bypass of C...
CVE-2023-43020
CVE-2023-43020 is evidenced in IBM bulletins as a denial-of-service vulnerability in IBM Db2 (including Db2 Connect Server) when processing a specially crafted query. Affected products span Db2 on Linux/UNIX/Windows (versions 10.5, 11.1, 11.5; Db2 Big SQL is also listed in related bulletins). The...
Upgraded Q -> 2 from #776 [1701456793936]
Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...
User not able to find sign in option inside Workspace app post signing out
After signing in once and then signing out in Citrix Workspace App for Windows, no sign-in option is available. The only options that can be seen in the settings are "refresh app" and "accounts"...
Updated kernel-linus packages fix security vulnerabilities
This kernel update is based on upstream 6.5.11 and fixes or adds mitigations for at least the following security issues: A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue ma...
CVE-2021-26292
The CVE-2021-26292 entry maps to AfterLogic Aurora and WebMail Pro
Citrix Studio 'session' field not showing username
After upgrading, the Citrix Studio session view no longer shows the username; however, the username is displayed when checking the session from the Citrix Director...
iOS Receiver disconnects from session after one minute of activity
Citrix users using Receiver for iOS are disconnected from their Citrix session after working on the session by typing or clicking for around 20-30 seconds. The users get the following error: "Cannot Connect. Check your network connection and try again. OK." If the users are not working on the...
Teams - Error "Your Admin has restricted Access to the New Teams" in ICA session
When launching New Teams within Remote PC / ICA session, it seems to logon fine the first time. But when the user logs out and logs back in again to Teams the second time and any subsequent attempt, they see the following error message: "Your Admin has restricted Access to the New Teams"...
CVE-2023-42219
Exim MTA vulnerability CVE-2023-42219 is described in the connected Malwarebytes entry as allowing network-adjacent attackers to disclose sensitive information on affected installations of Exim. The article also notes that Exim is not likely to fix CVE-2023-42219 and suggests mitigations such as ...
Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2023-13001)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-13001 advisory. - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) CVE-2023-1989 - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET...
PT-2023-31782 · WordPress · Tcd Google Maps Plugin
Name of the Vulnerable Software and Affected Versions: TCD Google Maps plugin for WordPress versions up to, and including, 1.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'map' shortcode, allowing authenticated attacker...