Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 141 |
CVE-ID | CVE-2022-42915 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252 CVE-2022-42916 CVE-2022-32221 CVE-2022-27781 CVE-2022-43551 CVE-2022-43552 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2022-27782 CVE-2022-27776 CVE-2023-27535 CVE-2020-13632 CVE-2020-11655 CVE-2020-11656 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-15358 CVE-2022-27775 CVE-2022-35737 CVE-2023-7104 CVE-2022-37434 CVE-2023-45853 CVE-2022-22576 CVE-2022-27774 CVE-2023-27534 CVE-2023-27536 CVE-2019-19645 CVE-2022-3341 CVE-2021-33815 CVE-2021-38114 CVE-2021-38171 CVE-2022-1475 CVE-2022-3964 CVE-2022-3109 CVE-2022-48434 CVE-2023-52426 CVE-2023-46407 CVE-2023-47470 CVE-2024-22860 CVE-2024-22862 CVE-2024-22861 CVE-2024-30472 CVE-2021-30123 CVE-2023-52425 CVE-2023-27538 CVE-2023-46219 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-38545 CVE-2023-38546 CVE-2023-3316 CVE-2023-44488 CVE-2023-5217 CVE-2023-40745 CVE-2023-41175 CVE-2023-52355 CVE-2023-1255 CVE-2023-2975 CVE-2023-5363 CVE-2023-6129 CVE-2019-19646 CVE-2019-16168 CVE-2022-43680 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-40674 CVE-2020-1968 CVE-2022-23852 CVE-2020-1971 CVE-2021-23839 CVE-2021-23840 CVE-2021-23841 CVE-2021-3712 CVE-2021-4160 CVE-2022-23990 CVE-2022-22827 CVE-2022-1292 CVE-2018-20843 CVE-2016-0718 CVE-2012-6702 CVE-2016-5300 CVE-2016-4472 CVE-2017-9233 CVE-2019-15903 CVE-2022-22826 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-0778 CVE-2022-2068 CVE-2019-8457 CVE-2023-37369 CVE-2023-32573 CVE-2023-33285 CVE-2023-32762 CVE-2023-32763 CVE-2023-34410 CVE-2023-38197 CVE-2023-43114 CVE-2022-25634 CVE-2023-51714 CVE-2017-10989 CVE-2018-8740 CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 CVE-2023-24607 CVE-2022-25255 CVE-2022-4304 CVE-2023-3817 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-2650 CVE-2023-5678 CVE-2021-45930 
CVE-2024-0727 CVE-2023-46218 CVE-2022-45142 CVE-2022-4450 CVE-2023-4807 CVE-2022-41409 CVE-2021-38593 |
CWE-ID | CWE-415 CWE-400 CWE-276 CWE-347 CWE-20 CWE-319 CWE-440 CWE-835 CWE-254 CWE-416 CWE-770 CWE-303 CWE-200 CWE-371 CWE-476 CWE-190 CWE-264 CWE-787 CWE-399 CWE-129 CWE-125 CWE-122 CWE-287 CWE-252 CWE-119 CWE-776 CWE-311 CWE-662 CWE-295 CWE-73 CWE-310 CWE-369 CWE-94 CWE-121 CWE-78 CWE-611 CWE-130 CWE-22 CWE-89 CWE-208 CWE-843 CWE-388 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #28 is available. Public exploit code for vulnerability #30 is available. Public exploit code for vulnerability #60 is available. Vulnerability #63 is being exploited in the wild. Public exploit code for vulnerability #72 is available. Public exploit code for vulnerability #82 is available. Public exploit code for vulnerability #90 is available. Public exploit code for vulnerability #91 is available. Public exploit code for vulnerability #97 is available. Public exploit code for vulnerability #105 is available. |
Vulnerable software | Citrix Workspace App (Other software / Other software solutions); Webex App VDI (Other software / Other software solutions); Liquidware (Other software / Other software solutions); Telemetry Dashboard (Other software / Other software solutions); VMware Horizon Client (Client/Desktop applications / Software for system administration); Cisco Webex Meetings (Server applications / Conferencing, Collaboration and VoIP solutions); Cisco Jabber (Client/Desktop applications / Messaging software) |
Vendor | Citrix; VMware, Inc; Cisco Systems, Inc; Dell |
Security Bulletin
This security bulletin contains information about 141 vulnerabilities.
EUVDB-ID: #VU68748
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42915
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64681
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32205
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because curl does not impose limits on the size of cookies stored in the system. A malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl and consume all available disk space.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64682
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32206
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to allocate enormous amounts of heap memory, or to attempt to do so and return out-of-memory errors.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64684
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32207
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions set on cookies, alt-svc and hsts data stored in local files. A local user with the ability to read such files can gain access to potentially sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64685
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32208
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform a MitM attack and manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66881
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-35252
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68749
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-42916
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when parsing a URL with IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using the unencrypted HTTP protocol.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68746
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32221
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
Description
The vulnerability allows a remote attacker to force unexpected application behavior.
The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle was previously used to issue a PUT request that used that callback. As a result, such behavior can influence application flow and force an unpredictable outcome.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63008
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27781
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70457
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43551
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism could be bypassed if the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70456
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43552
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72335
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23914
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to state issues when handling multiple requests, which results in ignoring HSTS support. A remote attacker can perform a MitM attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72336
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23915
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to state issues when handling multiple transfers in parallel, which results in ignoring HSTS support. A remote attacker can perform a MitM attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72337
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23916
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73826
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27533
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to manipulate requests.
The vulnerability exists due to missing documentation of the TELNET protocol support and the ability to pass on user name and "telnet options" for the server negotiation. A remote attacker can manipulate the connection sending unexpected data to the server via the affected client.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63009
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27782
CWE-ID:
CWE-303 - Incorrect Implementation of Authentication Algorithm
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62644
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27776
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host whose name is used in the initial URL, so that redirects to other hosts will not make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.
The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73828
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27535
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to an FTP server.
The vulnerability exists because cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.
The settings in question are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU34080
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13632
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in ext/fts3/fts3_snippet.c in SQLite. A local user can trigger denial of service conditions via a crafted matchinfo() query.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU27023
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11655
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when the AggInfo object's initialization is mishandled. A remote attacker can pass specially crafted input via a malformed window-function query to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU27024
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in the ALTER TABLE implementation. A remote attacker can execute arbitrary code on the target system, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28227
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13434
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and crash the application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28226
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13435
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the sqlite3ExprCodeTarget() function in expr.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU34077
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13630
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the fts3EvalNextRow() function in ext/fts3/fts3.c. A remote attacker can pass specially crafted data to the application, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU34079
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13631
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to an error in the alter.c and build.c files in SQLite that allows a local user to rename a virtual table into a shadow table. A local user with permissions to create virtual tables can rename them and gain unauthorized access to the frontend application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU30165
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-15358
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62643
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27775
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources when handling the IPv6 protocol. Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account, which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67414
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-35737
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling an overly large input passed as an argument to a C API. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU84985
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7104
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sessionReadRecord() function in ext/session/sqlite3session.c when processing a corrupt changeset. A remote user can send a specially crafted request to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66153
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-37434
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU82299
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45853
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the zipOpenNewFileInZip4_64() function from MiniZip. A remote attacker can create a specially crafted archive, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62640
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22576
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victims' accounts.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62641
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-27774
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because curl attempts to follow redirects during the authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number or protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.
By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73827
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27534
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in the SFTP support when handling the tilde "~" character in the filepath. cURL will replace the tilde character with the current user's home directory and can reveal otherwise restricted files.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73829
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27536
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists because cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed, which could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23791
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19645
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in alter.c that can be triggered via certain types of self-referential views in conjunction with ALTER TABLE statements. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71645
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3341
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the decode_main_header() function in libavformat/nutdec.c. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84800
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33815
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an out-of-bounds array access within the dwa_uncompress() function in libavcodec/exr.c. A remote attacker can trick the victim into opening a specially crafted image, trigger memory corruption and execute arbitrary code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92207
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-38114
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because libavcodec/dnxhddec.c in FFmpeg does not check the return value of the init_vlc function. A local user can trick the victim into opening a specially crafted file to trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84801
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-38171
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unchecked return value within the adts_decode_extradata() function in libavformat/adtsenc.c. A remote attacker can trick the victim into opening a specially crafted image and execute arbitrary code on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU84803
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1475
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to an integer overflow within the g729_parse() function in libavcodec/g729_parser.c. A remote attacker can trick the victim into opening a specially crafted file and crash the application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76080
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3964
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the QuickTime RPZA Video Encoder in libavcodec/rpzaenc.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70598
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3109
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vp3_decode_frame() function in libavcodec/vp3.c in FFmpeg. A remote attacker can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75667
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48434
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in libavcodec/pthread_frame.c. A remote attacker can pass a specially crafted file to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86231
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52426
CWE-ID:
CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to recursive XML Entity Expansion if XML_DTD is undefined at compile time. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46407
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the dist->alphabet_size variable in the read_vlc_prefix() function. A local user can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92205
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47470
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can create a specially crafted file, trick the victim into opening it using the affected software, achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92203
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22860
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92200
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22862
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system via the JPEG XL Parser.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92211
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22861
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in the avcodec/osq module. A remote attacker can pass specially crafted data to the application, trigger integer overflow and perform a denial of service attack on the target system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92210
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-30472
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53602
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30123
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing media content in libavcodec/aacdec_template.c. A remote attacker can create a specially crafted media file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86230
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52425
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73831
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27538
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83899
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46219
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to an error when handling HSTS long file names. When saving HSTS data to an excessively long file name, curl can end up removing all contents from the file, making subsequent requests using that file unaware of the HSTS status they should otherwise use. As a result, a remote attacker can perform a MitM attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76233
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28319
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when checking the SSH sha256 fingerprint. A remote attacker can use the application to connect to a malicious SSH server, trigger a use-after-free error and gain access to potentially sensitive information.
Successful exploitation of the vulnerability requires usage of the CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 option, and also CURLOPT_VERBOSE or CURLOPT_ERRORBUFFER options have to be set.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76235
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28320
CWE-ID:
CWE-662 - Improper Synchronization
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper synchronization when resolving host names using the alarm() and siglongjmp() functions. A remote attacker can force the application to crash by influencing contents of the global buffer.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76237
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28321
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker can create a specially crafted certificate that will be considered trusted by the library.
Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76238
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28322
CWE-ID:
CWE-440 - Expected Behavior Violation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81865
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-38545
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that SOCKS5 proxy is used and that SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU81863
Risk: Low
CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38546
CWE-ID:
CWE-73 - External Control of File Name or Path
Exploit availability: No
Description
The vulnerability allows an attacker to inject arbitrary cookies into request.
The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).
none - if such a file exists and is readable in the current directory of the program using libcurl.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78288
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3316
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the TIFFClose() function. A remote attacker can pass a specially crafted TIFF file to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81244
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44488,CVE-2023-5217
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU83511
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40745
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted image to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81692
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41175
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in raw2tiff.c. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it with the affected software, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86756
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52355
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the TIFFRasterScanlineSize64() API. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75388
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1255
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78265
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2975
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the AES-SIV cipher implementation when authenticating empty data entries via the EVP_EncryptUpdate() and EVP_CipherUpdate() functions. A remote attacker can bypass authentication process and impact application's integrity.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82349
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5363
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing key and initialisation vector lengths in the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions. A remote attacker can gain access to potentially sensitive information.
The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85170
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6129
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the POLY1305 MAC (message authentication code) implementation on PowerPC CPU-based platforms if the CPU provides vector instructions. A remote attacker can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23792
Risk: Medium
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19646
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of NOT NULL in an integrity_check PRAGMA command in pragma.c when generating certain columns. A remote attacker can perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU23188
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-16168
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within whereLoopAddBtreeIndex in sqlite3.c, caused by improper input validation of the sqlite_stat1 sz field. A remote attacker can pass specially crafted data to the application, trigger a division by zero error and crash the vulnerable application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU68718
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-43680
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60736
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25235
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the affected application lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60733
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25236
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60737
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25313
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60738
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25314
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60739
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25315
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the storeRawNames function. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67532
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46573
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1968
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a timing flaw in the TLS specification. A remote attacker can compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite and eavesdrop on all encrypted communications sent over that TLS connection.
Note: The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59966
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23852
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU48896
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-1971
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via the API functions TS_RESP_verify_response and TS_RESP_verify_token. If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU50744
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23839
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to a faulty implementation of the padding check when the server is configured to support the SSLv2 protocol. A remote attacker can perform a MitM attack and force the server to use less secure protocols.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50745
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23840
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input during EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate calls. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50740
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the X509_issuer_and_serial_hash() function when parsing the issuer field in the X509 certificate. A remote attacker can supply a specially crafted certificate, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56064
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3712
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ASN.1 strings, related to confusion over NULL termination of strings in an array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60166
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4160
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
Description
The vulnerability allows a remote attacker to decrypt TLS traffic.
The vulnerability exists because BN_mod_exp may produce incorrect results on MIPS. A remote attacker can decrypt TLS traffic. According to the vendor, multiple EC algorithms are affected, including some of the TLS 1.3 default curves.
Successful exploitation of the vulnerability requires certain prerequisites for attack, such as obtaining and reusing private keys.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60114
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23990
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the doProlog() function. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59650
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22827
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the storeAtts() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62765
Risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-1292
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU18923
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-20843
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input including XML names that contain a large number of colons. A remote attacker can pass specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary files on the server or perform network scanning of internal and external infrastructure.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU200
Risk: Critical
CVSSv3.1: 8.3 [AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0718
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling malformed input documents. A remote unauthenticated attacker can trigger a buffer overflow in the Expat XML parser library and execute arbitrary code by sending specially crafted data to a vulnerable server.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU33052
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-6702
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU32074
Risk: Medium
CVSSv3.1: 6.5 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5300
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (CPU consumption) via crafted identifiers in an XML document.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12378
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4472
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists because the overflow protection in Expat is removed by compilers with certain optimization settings. A remote attacker can supply specially crafted XML data and cause the service to crash.
The vulnerability exists due to an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7242
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9233
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21091
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-15903
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger an out-of-bounds read error and read contents of memory on the system or crash the affected application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU59649
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22826
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59642
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45960
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in the storeAtts() function in xmlparse.c. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59643
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46143
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the doProlog() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59645
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22822
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the addBinding() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59646
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22823
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the build_model() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59647
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22824
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the defineAttribute() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59648
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22825
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the lookup() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61391
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0778
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU64559
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2068
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to an incomplete fix for #VU62765 (CVE-2022-1292).
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18657
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-8457
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the rtreenode() function when handling invalid rtree tables. A remote attacker can send a specially crafted request to the application, trigger a heap out-of-bounds read and crash the application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79632
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-37369
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML content in QXmlStreamReader. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76665
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32573
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error in src/svg/qsvghandler.cpp. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76667
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33285
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76666
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32762
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76668
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32763
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing SVG files within the QTextLayout() function in src/gui/text/qtextlayout.cpp. A remote attacker can pass a specially crafted SVG file to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78696
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34410
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper validation of the TLS certificate chain, where the application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform a MitM attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78697
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-38197
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92115
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-43114
CWE-ID:
CWE-130 - Improper Handling of Length Parameter Inconsistency
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability occurs when a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData}. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79310
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25634
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85067
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-51714
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in network/access/http2/hpacktable.cpp within the HTTP2 implementation in Qt. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU18574
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10989
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a local user to crash the application or gain access to sensitive data.
The vulnerability exists due to a boundary error in the getNodeSize() function in ext/rtree/rtree.c when handling undersized RTree blobs. A local user can supply a specially crafted database to the affected application, trigger a heap-based out-of-bounds read and crash the application or gain access to sensitive data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11173
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8740
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.
The weakness exists in the build.c and prepare.c source code files due to a NULL pointer dereference. A remote attacker can cause the service to crash.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17162
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20346
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in the database and gain complete control over the affected application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17163
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20505
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in the database and gain complete control over the affected application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU17164
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-20506
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in the database and gain complete control over the affected application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74061
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24607
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Qt SQL ODBC driver plugin. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61830
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-25255
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists because QProcess can execute a binary from the current working directory when it is not found in the PATH. A local user can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71993
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4304
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists due to a timing-based side channel in the OpenSSL RSA decryption implementation. A remote attacker can perform a Bleichenbacher-style attack and decrypt data sent over the network.
To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78798
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when checking long DH keys. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71995
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0215
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71992
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0286
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.
In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which needs to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU73960
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0464
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when verifying X.509 certificate chains that include policy constraints. A remote attacker can create a specially crafted certificate to trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74148
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0465
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU74149
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0466
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to an error within the X509_VERIFY_PARAM_add0_policy() function, which does not perform the certificate policy check despite being implicitly enabled. A remote attacker can bypass expected security restrictions and perform a MitM attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76651
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2650
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82894
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5678
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the DH_generate_key() and DH_check_pub_key() functions. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78667
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-45930
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input within the QtPrivate::QCommonArrayOps::growAppend() function. A remote attacker can create a specially crafted SVG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85808
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0727
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing fields in the PKCS12 certificate. A remote attacker can pass a specially crafted certificate to the server and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU83900
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46218
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such a cookie to different and unrelated sites and domains.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72057
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-45142
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a logic issue in Heimdal GSSAPI related to the patch for vulnerability #VU68701 (CVE-2022-3437). A remote user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU71996
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4450
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass a specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80565
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the POLY1305 MAC (message authentication code) implementation. A remote attacker can send specially crafted input to the application and corrupt MM registers on the Windows 64 platform, resulting in a denial of service condition.
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79112
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41409
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in pcre2test. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66867
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-38593
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when rendering an SVG file within QOutlineMapper::convertPath. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
Install update from vendor's website.
Vulnerable software versions
Citrix Workspace App: 23.11.0.82.6 on Thin OS 2402
VMware Horizon Client: 2309.8.11.0.22660930.37 on Thin OS 2402
Webex App VDI: 43.10.0.27605.4 on Thin OS 2402
Cisco Webex Meetings: 43.10.2.11.3 on Thin OS 2402
Cisco Jabber: 14.3.0.308378.8 on Thin OS 2402
Liquidware: 6.6.2.5.10 on Thin OS 2402
Telemetry Dashboard: 1.0.0.8 on Thin OS 2402
CPE2.3
http://www.dell.com/support/kbdoc/nl-nl/000225289/dsa-2024-229
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.