72 matches found
CVE-2025-22386
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable...
The '?/' key on a Portuguese (Brazil) ABNT2 keyboard does not function in Linux sessions
When launching a Citrix session from an endpoint using Windows and a ABNT2 - Portuguese Brazil keyboard layout, the Windows keyboard key '?/' does not function inside a Linux VDA published desktop or application session...
IBM Cloud Pak for Security和IBM QRadar Suite 代码问题漏洞
IBM Cloud Pak for Security and IBM QRadar Suite are both products of International Business Machines IBM, U.S.A. IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automate...
PT-2024-40176 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Software affected versions not specified Description: A security issue has been found where session data of authenticated frontend users is not properly cleared during the logout process. As a...
SUSE-SU-2023:4210-1 Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: - Updated to version 9.4.53.v20231009: - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods bsc1216169. - CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder bsc1216162. - CVE-2023-40167:...
Unable to launch HTML5 sessions via gateway when using Secure Storefront IIS
Unable to launch a published desktop session using Citrix Workspace app for HTML5 when connection is via NetScaler. Desktop launches fine when not going through HTML5. When launching directly from Storefront, bypassing netscaler, HTML5 session launches without any issues. When launching HTML5...
HCL Technologies Compass 代码问题漏洞
HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disablin...
CVE-2023-33005
CVE-2023-33005 concerns the Jenkins WSO2 Oauth Plugin (1.0 and earlier) not invalidating a previous login session, creating a session-fixation risk. The vulnerability is described across multiple sources as allowing an attacker to reuse an existing authenticated session or trick a user into a log...
Unable to launch ICA session due to wfica32.exe signature validation failure
After upgrading Citrix Workspace App to 2203 CU2 and 2210.5 and above in customer's client machine, ICA session became unable to launch. Specifically, ICA file can be downloaded but wfica32.exe never starts. The issue doesn't occur in the same client machine with Citrix Workspace App for Windows...
Native Windows Camera application is not working in Citrix session.
Native Windows Camera application is not working in Citrix session. Issue is not seen in a RDP session...
CVE-2022-39234 user session persists even after permanently deleting account in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This iss...
CVE-2022-41291
IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699...
OPENSUSE-SU-2021:0934-1 Security update for tpm2.0-tools
This update for tpm2.0-tools fixes the following issues: - CVE-2021-3565: Fixed issue when no encrypted session with the TPM is used bsc1186490. This update was imported from the SUSE:SLE-15-SP2:Update update project...
Unable to launch a VDI (second hop) within a active VDI session (first hop), error “An incorrect pin was presented to the security device”
The customer has FAS in place and it is working fine They are testing the VDI sessions and users can launch Desktops when using their workstations endpoints If they try to launch a second Desktop session second hop within the current VDI session using CWA, they get an error “An incorrect pin was...
Keyboard Input Fails in Citrix Session from Receiver for Mac with OSX 10.9.5
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. In a Citrix session, keyboard is unresponsive from Receiver for Mac with OSX 10.9.5...
"Http/1.1 Internal Server Error 43531" when accessing Citrix Gateway after upgrading to version 13.0
Users will get the error "Http/1.1 Internal Server Error 43531" The ns.log will give error as below: Dec 23 14:52:26 , aaainfo flags 11 flags2 0, new webview 0, sess flags2 0, flags3 0 flags4 400 ssoDomain , ssoUsername: , ssoUsername2: " Dec 23 14:52:26 XXX.XXX.X.XXX 12/23/2020:19:52:26 GMT...
CVE-2021-27351
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session...
PT-2021-15140 · Jetty +1 · Jetty +1
Name of the Vulnerable Software and Affected Versions: Gerrit affected versions not specified Description: The issue arises when any git operation is passed through Jetty, creating a session without an expiry date. Since Jetty does not automatically dispose of the session, multiple git actions ca...
On mobile device on-screen keyboard does not appear in ICA/HDX session automatically
On mobile device on-screen keyboard does not appear when user tap a field to edit in the application of desktop session. User need to manually select keyboard from desktop viewer...
PT-2020-1569 · Openbsd +1 · Opensmtpd +1
Name of the Vulnerable Software and Affected Versions: OpenSMTPD versions 6.6 Description: The issue is related to the smtp mailaddr function in the smtp session.c file of the OpenSMTPD mail daemon, which is used in OpenBSD and other products. It allows remote attackers to execute arbitrary...