158 matches found
OESA-2022-1810 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
CVE-2022-22654
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...
CVE-2021-27414 User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...
PT-2022-1978 · Microsoft · Defender For Endpoint
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint affected versions not specified Description: The issue is related to errors in information representation by the user interface. It may allow a remote attacker to conduct spoofing attacks. Recommendations: At t...
VulnCheck KEV: CVE-2021-39341
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the /OMAPI/RestApi.php file that can be used to inject malicious web scripts on...
CVE-2021-30948
CVE-2021-30948 affects Apple iOS and iPadOS; an inconsistent UI state management bug potentially allows a person with physical access to an iOS device to access stored passwords without authentication. The issue is fixed in iOS 15.2 / iPadOS 15.2. Vulnerable component details are not fully specif...
Heartbeat not seen on one interface of one node in a HA pair
HA setup configured. On one of the nodes, we see that heartbeat not found on interface 0/1. On one of the nodes, when the command "show HA node" is executed, we see the following: Interfaces on which heartbeats are not seen : 0/1 On the other node, we see the following: Interfaces on which...
CVE-2020-9987
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing...
Update Google Chrome Browser to Patch New Critical Security Flaws
Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security...
UBUNTU-CVE-2018-18836
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c...
CVE-2018-4362
CVE-2018-4362 affects Safari/WebKit on macOS and iOS, describing an inconsistent user interface issue that was addressed with improved state management. Public documentation notes that the issue affected versions prior to Safari 11.1.2 and iOS 12, with a fix delivered in Safari 11.1.2 (and corres...
June 21, 2018—KB4284842 (Preview of Monthly Rollup)
June 21, 2018—KB4284842 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4284826 released June 12, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates the...
Cross site request forgery (csrf)
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which...
CVE-2017-17847
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...
About the security content of Safari 10.1.1
About the security content of Safari 10.1.1 This document describes the security content of Safari 10.1.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
Webdeskpro role modify vulnerability
Webdeskpro has 4 role authority levels: author, editor, administrator, master. We found a vulnerability in Webdeskpro UI. After login, if we modify some role variables as follows, we can read upper role level's files. Role Modification FRAME...
Lucent Access Point 3006001500 IP Services Router - Long HTTP Request Denial of Service
Lucent Access Point 3006001500 IP Services Router - Long HTTP Request Denial of Service source: https://www.securityfocus.com/bid/5333/info The Lucent Access Point series of routers support a web based administrative interface. An error has been reported in the embedded HTTP server. It has been...
CVE-2000-0988
WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration...