3385 matches found
CVE-2022-1280
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. Mitigation: Mitigation for this issue is either not...
Cross Site Scripting (XSS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
"Unable to Launch Resource" error while switching to HTML5 client
With App protection enabled, if you switch to the HTML5 client mid-way into the session or at the beginning of the session, all the protected and unprotected apps will be enumerated, but when you click to launch the session, the message below will appear, which will lead to this document...
Web Extension Required error when launching resources via HTML5 mode
You are not able to launch resources (apps or desktops) from the browser due to a lack of web extension. If you see this modal dialog and are not able to launch application protected resource...
WordPress Material Design for Contact Form plugin denial of service vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Material Design for Contact Form plugin suffers from a denial of service vulnerability that stems from a plugin validatio...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Unable to launch desktop via Gateway in invoked mode (Client Detection done and selected workspace to Always Open ICA file)
Unable to launch desktop via Gateway in invoked mode. Launching works in non-invoked mode, by downloading the ICA file and clicking on it. In the non-working response for ICA file download, we see Riverbed headers highlighted and the "Connection: close" header being stripped...
CVE-2020-17639
The IBM SDK, Java Technology Edition Security Bulletin documents CVE-2020-17639 as part of a set of Java SE issues disclosed in the July 2020 CP Update. Affected IBM releases are: 7.0.0.0–7.0.10.65, 7.1.0.0–7.1.4.65, and 8.0.0.0–8.0.6.11. Remediation is provided through newer builds: 7.0.10.70, 7...
CVE-2010-0474
CVE-2010-0474 is listed as part of Debian WebKit vulnerabilities in DSA-2188-1. The affected package is webkit (GTK+ WebKit), with multiple CVEs including CVE-2010-0474. Debian states these problems were fixed in the stable distribution (squeeze) with version 1.2.7-0+squeeze1 (and 1.2.7-1 for whe...
CVE-2021-22099
Cloud Foundry CVE-2021-22099 is a Server-Side Request Forgery (SSRF) in the Cloud Controller. Malicious users can trigger HTTP GET requests to internal CF components and read responses. Affected products and versions: CAPI all versions before 1.114.0; CF Deployment all versions before 16.23.0. Mi...
updateSignValidity() May Break registerSelf() Due to Lack of Input Validation
Lines of code. Vulnerability details. Impact: requireblock.timestamp. Recommended Mitigation Steps: require(signValidity != 0, "signValidity Can't Be Zero")
Data Loss/Denial of Service in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...
CWA for Chrome: Unable to copy-paste cells from Published Excel App to Google sheets opened locally
When you copy multiple cell values from the Excel App via ICA to Google Sheets accessed from the local PC, the values fail to get pasted to Google Sheets...
CVE-2021-4148
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DoS) problem...
Citrix Xenserver 7.1CU2 to Citrix Hypervisor 8.2 upgrade gets stuck at Boot Screen for servers with HPE Smart Array
After the host is booted into the installer kernel, it gets stuck at the following screen...
FIDO: Here’s Another Knife to Help Murder Passwords
We all hate passwords, but none of us want to make logging into our accounts a hassle with extra time, steps and devices. That’s why the Fast Identity Online Alliance (FIDO) published a white paper (PDF) on Thursday, outlining different use cases for the adoption of their FIDO2 set of specifications...
March 22, 2022—KB5011558 (OS Build 20348.617) Preview
March 22, 2022—KB5011558 (OS Build 20348.617) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note: Follow @WindowsUpdate to find ou...
Gateway 12.1 55.247 - after reboot/restart the Gateway is not working; need to enable/disable MBF to get access to the Gateway page
After an ADC reboot/restart, the customer is unable to access the Citrix Gateway page. The customer had to toggle MBF mode on the ADC to restore access to the Citrix Gateway page...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Secure Hub fails to authenticate with Citrix Gateway 13.0 83.27 when using an Advanced Authentication policy for LDAP
Secure Hub shows the following error when trying to connect to Citrix Gateway: "You may need to contact your administrator to verify your sign-on credentials". Closer inspection of network traffic through Citrix Gateway shows that there is no 'Set-Cookie' response found in the reply to "GET...