Unable to launch ICA session due to wfica32.exe signature validation failure
After upgrading Citrix Workspace App to 2203 CU2 and 2210.5 and above on the customer's client machine, ICA sessions could no longer be launched. Specifically, the ICA file can be downloaded but wfica32.exe never starts. The issue doesn't occur on the same client machine with Citrix Workspace App for Windows...
CVE-2021-38363
An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent which causes an exception remains in pendingMap in memory forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process...
CVE-2014-1865
The CVE-2014-1865 entry is supported by a Veracode advisory (VERACODE:4217) describing an information-disclosure vulnerability in fat_free_crm where password-related attributes — password_hash, password_salt, and password_confirmation — are not filtered from logs, exposing sensitive data to mal...
CVE-2014-1866
The connected VERACODE entry documents a vulnerability in fat_free_crm: Information leakage via error pages. The root cause is that consider_all_requests_local is set to true by default in production, causing 404 and 500 error pages to expose server setup information. The document does not provid...
CVE-2017-9672
Technical details for CVE-2017-9672 are not publicly available in the provided documents. Monitor for updates from the issuing organization; no affected products, versions, or exploitation details are specified here.
CVE-2018-12119
CVE-2018-12119 is a reserved candidate in Initial Description; connected data indicates a Cross-site Scripting (XSS) issue in knowledge_repo due to lack of sanitization of user-supplied parameters (e.g., comments) when rendering templates. The vulnerability is tied to knowledge_repo’s web renderi...
CVE-2018-18902
Grafana (singlestat panel) is vulnerable to cross-site scripting (XSS) because the prefix and postfix fields are not properly sanitized, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser. The connected Veracode entry confirms the XSS issue but provides no explo...
CVE-2018-7646
The connected Veracode entry identifies a denial of service in svgexport caused by a missing timeout when loading an external image. Impact is DoS; no exploit details are provided in the supplied documents. No CVE-specific remediation is stated here; monitor for updates.
CVE-2018-19454
The connected document identifies a concrete vulnerability in yiisoft/yii2: information disclosure caused by credentials (e.g., HTTP auth username/password) being logged in the application’s logging target (\yii\log\Target). An attacker who can access the log files could retrieve these credential...
CVE-2018-8085
Veracode entry VERACODE:13415 documents a SAML Signature Relocation vulnerability affecting passport-wsfed-saml2. The issue arises because the validation function does not ensure the Signature element is located correctly within an Assertion, enabling signature relocation attacks. The provided ma...
CVE-2018-20142
CVE-2018-20142 (reserved CVE) | Affected component: the sharrre library. Vulnerability: Cross-site scripting (XSS) vulnerability in which a remote attacker can inject arbitrary JavaScript into a victim’s browser via the location hash. Impact (as described): attacker could steal session tokens or ...
CVE-2018-14578
The connected Veracode entry identifies a concrete vulnerability in yiisoft/yii2: CSRF due to unvalidated request methods in yii\web\Request::getMethod(), allowing an attacker to bypass CSRF token checks by downgrading the HTTP method to read methods such as GET, HEAD or OPTIONS.
CVE-2017-11859
Technical details for CVE-2017-11859 are not publicly available in the provided documents. Monitor for updates; no affected products, root cause, or remediation information is disclosed here.
CVE-2018-8548
The connected VERACODE entry (VERACODE:8014) describes a Remote Code Execution vulnerability in microsoft.chakracore, caused by how the scripting engine renders objects in memory, allowing arbitrary code execution in the context of the authenticated user. The CVE mapping to CVE-2018-8548 is not p...
PT-2023-12363 · Or1200 · Or1200
Name of the Vulnerable Software and Affected Versions: OR1200 aka OpenRISC 1200 processor versions 2011-09-10 through 2015-11-11 Description: An issue in the ALU unit of the processor causes the overflow flag not to be updated for the msb and mac instructions, resulting in an incorrect value in t...
CVE-2023-29194 vitess allows users to create keyspaces that can deny access to already existing keyspaces
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces...
chessproblem.my-free-games.com Cross Site Scripting vulnerability OBB-3259655
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-1990
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem...
Design/Logic Flaw
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem...