1495 matches found
CVE-2022-29609
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator...
PT-2023-12993 · Onos · Onos
Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered in ONOS where there is an incorrect comparison of paths installed by intents. An existing intent does not redirect to a new path, even if a new intent that shares the path with higher...
Fail to launch SF resources: SSL Error 59
Fail to launch SF resources: Unable to connect the server. Contact your system administrator with the following error: SSL Error 59: The server sent a security certificate identifying "www.xxxx.com", the SSL connection was to "SRA.XXXXX.COM.CN"...
SUSE-SU-2023:1674-1 Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: - CVE-2023-1393: Fixed use-after-free overlay window (ZDI-CAN-19866, bsc#1209543)...
Connection Interrupted. Citrix Workspace will try to reconnect in over an hour
Connection Interrupted. Citrix Workspace will try to reconnect in over an hour...
One client failed to install CWA because it failed to detect the Edge WebView2 installation
One client failed to install CWA in an intranet environment because it failed to detect the Edge WebView2 installation. Manually installing WebView2 again with the full-blown installer still doesn't fix this issue...
PT-2023-15356 · Unknown · Telephony Service
Name of the Vulnerable Software and Affected Versions: Telephony service affected versions not specified Description: The issue is related to a missing permission check in the telephony service, which could lead to local information disclosure without requiring additional execution privileges...
WordPress AMO for WP – Membership Management Plugin <= 4.6.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: AMO for WP – Membership Management; Type: Plugin; Vulnerable versions: <= 4.6.6; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low (8.2); PSID: 9e6059b126e6; Credits: Dave Jong...
CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature...
OSV-2023-119 Use-of-uninitialized-value in rename_process
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56401 Crash type: Use-of-uninitialized-value Crash state: rename_process, safe_fork_full, parse_timestamp...
SUSE-SU-2023:0518-1 Security update for rubygem-activerecord-4_2
This update for rubygem-activerecord-4_2 fixes the following issues: - CVE-2022-44566: Fixed a potential denial of service due to an inefficient comparison between integer and numeric values (bsc#1207450)...
SA40166 - Remote desktop protocol (RDP) client restriction bypass issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue was discovered in the PCS Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature. By exploiting this issue a malicious authenticated user...
WEM Log displayed in VUEMRSAV.exe not showing correct order of external tasks
When using VUEMRSAV.exe to determine the outcome of the WEM configuration for a user, the order in which the log shows the WEM external tasks executing reflects neither the order configured in the WEM configuration set nor the actual order in which the external tasks execute...
Command Injection
wwbn/avideo is vulnerable to Command Injection. The vulnerability exists because security.php does not escape shell characters, allowing an attacker to inject and execute malicious commands when embedding a video link...
PT-2023-18396 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue. It appears to be a notification about a candidate number that is not in use...
Vdisk locks are not clearing after shutting down a target from the PVS console running in Azure
PVS on Azure - When shutting down a target from the PVS console or the Azure portal vdisk locks are not releasing properly...
GHSA-9F2C-XXFM-32MJ Duplicate of GHSA-4xh4-v2pq-jvhm
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4xh4-v2pq-jvhm. This link is maintained to preserve external references. Original Description: The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the...
PT-2023-13630 · Unknown · Contacts Service
Name of the Vulnerable Software and Affected Versions: contacts service affected versions not specified Description: The issue is related to a missing permission check in the contacts service, which could lead to a local denial of service. No additional execution privileges are needed to exploit...
PT-2022-26532 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue, such as general information, estimated number of potentially affected devices...
PT-2022-8333 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue. It appears to be a notification about a candidate number that is not in use...