49 matches found
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty
Summary IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details IBM X-Force ID: 260681 DESCRIPTION: Eclipse Jetty is vulnerable to an XML external entity injection XXE attack when processing XML data, caused by a weakly configured XML parser. By using specially...
IBM Sterling Connect:Express for UNIX 安全漏洞
IBM Sterling Connect:Express for UNIX is a file transfer solution from International Business Machines IBM for the UNIX platform. A security vulnerability exists in IBM Sterling Connect:Express for UNIX version 1.5, which stems from the vulnerability of the browser UI to cookies...
SUSE CVE-2017-7812
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox 56...
SUSE CVE-2018-6147
Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
Mozilla: Custom mouse cursor could have been drawn over browser UI
The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks...
DEBIAN-CVE-2022-1634
Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. Google Chrome suffers from a resource management error vulnerability that stems from post-release reuse in the browser UI...
Security Bulletin: Multiple Vulnerabilities in Sterling Connect:Direct Browser User Interface
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment...
Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...
CVE-2021-20560
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
CVE-2021-20560
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
Design/Logic Flaw
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...