Lucene search
K

49 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/11/23 3:22 a.m.12 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty

Summary IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details IBM X-Force ID: 260681 DESCRIPTION: Eclipse Jetty is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a weakly configured XML parser. By using specially...

7.1AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.4 views

IBM Sterling Connect:Express for UNIX 安全漏洞

IBM Sterling Connect:Express for UNIX is a file transfer solution from International Business Machines IBM for the UNIX platform. A security vulnerability exists in IBM Sterling Connect:Express for UNIX version 1.5, which stems from the vulnerability of the browser UI to cookies...

5.3CVSS5.7AI score0.00412EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.3 views

SUSE CVE-2017-7812

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...

5.3CVSS8.3AI score0.01276EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:30 a.m.5 views

SUSE CVE-2018-6147

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process...

5.5CVSS8.6AI score0.004EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2022/12/13 4:8 p.m.4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/12/13 4:8 p.m.4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/22 1:31 p.m.4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 4:21 p.m.4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:53 p.m.4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 12:40 p.m.6 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:35 a.m.5 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:29 a.m.5 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/21 11:11 a.m.4 views

Mozilla: Custom mouse cursor could have been drawn over browser UI

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...

6.1CVSS7.3AI score0.00728EPSS
Exploits0References6
OSV
OSV
added 2022/07/26 10:15 p.m.2 views

DEBIAN-CVE-2022-1634

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions...

8.8CVSS8.2AI score0.00676EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.9 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, Inc. Google Chrome suffers from a resource management error vulnerability that stems from post-release reuse in the browser UI...

9.6CVSS8.2AI score0.00764EPSS
Exploits1References13
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 8:4 p.m.55 views

Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...

9.8CVSS8.8AI score0.14839EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2021/11/04 5:32 p.m.2 views

Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...

4.3CVSS7.4AI score0.01459EPSS
Exploits0References4
NVD
NVD
added 2021/07/26 12:15 p.m.12 views

CVE-2021-20560

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...

5.4CVSS0.00641EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.4 views

CVE-2021-20560

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...

5.4CVSS5.8AI score0.00641EPSS
Exploits0References2
Prion
Prion
added 2021/07/26 12:15 p.m.13 views

Design/Logic Flaw

IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...

4.9CVSS5.4AI score0.00641EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder