EUVD-2021-11831
Malware in sbrugna...
CWA 2402 - Microsoft Teams VDI plugin is not shown for Non-Admin user
When installing Citrix Workspace app (CWA) 2402 LTSR for Windows or a later version with Administrator privileges, all three add-ons (single sign-on, App Protection, Microsoft Teams VDI plugin) are shown. But when installing CWA 2402 as a non-admin user, none of the three add-ons are shown...
CVE-2023-51748
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
Design/Logic Flaw
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode...
CVE-2023-51748
ScaleFusion 10.5.2 is affected by a kiosk-mode security issue where Ctrl-O and Ctrl-S can bypass the Edge application restriction, potentially exposing the isolated environment. Root cause: insufficient access control in Scalefusion MDM Agent allowing users to access the file explorer. The issue ...
CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."...
GHSA-26HR-Q2WP-RVC5 User with permission to write actions can impersonate another user when auth token is configured in environment variable
Impact: When lakeFS is configured with ALL of the following: (1) configuration option auth.encrypt.secret_key passed through an environment variable; (2) actions enabled via configuration option actions.enabled (enabled by default); then a user who can configure an action can impersonate any other user. Patches...
Some Amount of tokens will be left behind in BYTES 1.0
Lines of code. Vulnerability details. Impact: If a user wants to upgrade all of their tokens, they won't be able to do that. Proof of Concept: Let's see what is happening: function upgradeBytes uint256 amount external if IERC20BYTES1.balanceOfmsg.sender amount revert DoNotHaveEnoughOldBytesamount; During the...