CVE-2023-22361
Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product...
CVE-2023-22361
CVE-2023-22361 affects Seiko Solutions SkyBridge MB-A100/110 firmware (4.2.0 and earlier) and is caused by improper privilege management that allows a remote authenticated attacker to alter the WebUI password. The connected documents provide concrete remediation guidance: update to SkyBridge MB-A...
CVE-2023-25072
CVE-2023-25072 affects Seiko Solutions SkyBridge MB-A100/110 (firmware v4.2.0 and earlier). The weakness is use of weak credentials, which may let a remote unauthenticated attacker decrypt the WebUI password. Affected components are the SkyBridge WebUI authentication/credential handling; root cau...
CVE-2023-23901
CVE-2023-23901 affects Seiko Solutions SkyBridge MB-A200 firmware (01.00.05 and earlier) and SkyBridge BASIC MB-A130 firmware (1.4.1 and earlier). Root cause: improper following of a certificate’s chain of trust. Impact: remote unauthenticated attacker may eavesdrop on or alter communications sen...
Seiko Solutions SkyBridge security vulnerability
Seiko Solutions SkyBridge is a series of routers from Seiko Solutions, Japan. A security vulnerability exists in Seiko Solutions SkyBridge and SkySpider. An attacker could exploit the vulnerability to decrypt the password of the product's WebUI. The following products and versions are affected:...
CVE-2023-25184
CVE-2023-25184 affects Seiko Solutions SkyBridge and SkySpider series. A remote unauthenticated attacker could decrypt the WebUI password due to use of weak credentials. Affected products/versions: SkyBridge MB-A200 firmware 01.00.05 and earlier; SkyBridge BASIC MB-A130 firmware 1.4.1 and earlier...
CVE-2023-23901
Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the...
Important: Red Hat Security Advisory: pcs security and bug fix update
An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: Red Hat Security Advisory: pcs security and bug fix update
An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Malicious code in @bingads-webui-campaign-react/labels-page (npm)
Source: ghsa-malware b5055c6a222849b6ee18142cce7d609e00c04c147c4c60f6460a128aacca6252 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Denial of Service (DoS)
Google Chrome is vulnerable to Denial of Service (DoS). The vulnerability exists due to an out-of-bounds read in WebUI Settings, which allows an attacker to perform an out-of-bounds memory read via a crafted HTML page, leading to an application crash...
Denial of Service (DoS)
Google Chrome is vulnerable to Denial of Service (DoS). The vulnerability exists due to a heap buffer overflow in WebUI, which allows an attacker to convince a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction, leading to an application crash...
CVE-2023-26213
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/updatecertificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain...
SUSE CVE-2015-1266
content/browser/webui/contentwebuicontrollerfactory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as...
SUSE CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking...
SUSE CVE-2017-9031
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...
SUSE CVE-2018-6054
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...
SUSE CVE-2018-6070
Lack of CSP enforcement on WebUI pages in Blink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension...
SUSE CVE-2020-6535
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...
SUSE CVE-2021-21111
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...