3385 matches found
SSRF Bypass
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
3Dconnexions Spacemouse Enterprise Display not working
When redirected using generic USB feature, 3DConnexions Spacemouse Enterprise: https://3dconnexion.com/de/product/spacemouse-enterprise is not 100% functional. The VDA detects the device and the mouse joystick is working fine, but the screen on the device stays in the splash screen, instead...
Debian DLA-2691-1 : libgcrypt20 - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2691 advisory. An issue has been found in libgcrypt20, a crypto library. Mishandling of ElGamal encryption results in a possible side-channel attack and an interoperability problem with...
Citrix Workspace app showing white screen, screen does not refresh, app resize issues on client machines running Intel Iris Xe-Treiber video driver
- Citrix Workspace App won’t load/refresh; it stays just a white screen. - It is possible to refresh the apps by resizing the Workspace app, but that is not a viable solution. - All versions of Citrix Workspace app are affected 20, 21.3, 21.4 TP...
Receita Federal IRPF Licensing Issue Vulnerability
Receita Federal Imposto de Renda Pessoa Física, a personal income tax application from Receita Federal, Inc. has an authorization problem vulnerability in Receita Federal IRPF that stems from a lack of authentication measures or insufficient authentication strength in the network system or produc...
ADM and Director Integration missing Network HDX data: Error "No details are available" or blank page
Running Citrix ADM 13.0 latest and attempting to integrate the network function into our Citrix Director 1912. Attempted to use both HTTP and HTTPS. With HTTP the network tab on Director is blank. With HTTPS it says no details are available. The following guide was used:...
Secure Hub shows an error and fails to connect after upgrading to a fixed firmware build to address CVE-2020-8299/ CVE-2020-8300
Secure Hub shows an error and fails to connect after upgrading to a fixed firmware build to address CVE-2020-8299/ CVE-2020-8300. Users can no longer log in to Secure Hub or if already logged in cannot refresh policies...
SUSE: Security Advisory (SUSE-SU-2012:1199-1)
The remote host is missing an update for the...
CVE-2021-34475
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: NinjaOperator at June 24, 2021 6:52pm UTC reported:...
SUSE: Security Advisory (SUSE-SU-2013:1151-1)
The remote host is missing an update for the...
PT-2024-11166 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to data corruption caused by the fallocate function in the Linux kernel. When fallocate punches holes out of inode size and the original isize is in the middle of...
CVE-2020-13599 Security problem with settings and littlefs
Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...
CVE-2020-13599
CVE-2020-13599 concerns a security problem with Zephyr’s settings handling when used with littlefs, where Zephyr versions >= 1.14.2 and >= 2.3.0 are affected by incorrect default permissions (CWE-276). The available connected sources corroborate the issue and link to the GHSA advisory GHSA-...
Ory fosite contains Improper Handling of Exceptional Conditions
Impact The TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store...
Unable to drag Published Apps between monitors
Users are unable to drag the application between monitors. Monitors use different resolution...
GHSA-W73W-5M7G-F7QC Authorization bypass in github.com/dgrijalva/jwt-go
jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience...
Authorization bypass in github.com/dgrijalva/jwt-go
jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience...
SSON/Passthrough authentication not working with Edge browser
User tries to log on to MS Edge browser via SSON. User is prompted to enter username and password instead of getting logged in automatically with SSON as expected...
Google to start automatically enrolling users in two-step verification “soon”
If you use a Google account, it may soon be mandatory to sign up to Google's two-step verification program. As recently as 2017, a tiny amount of GMail users made use of its two-step options. Maybe the uptake is still slow, and Google has decided enough is enough. With so much valuable data stuffe...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-33046)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the standard library in Rust prior to version 1.29.0, which stems from weak synchronization in the Arc::get_mut method. This synchronization issue could lead to memory safety...