Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

The incorrect security interface in the Downloads section of Google Chrome prior to version 129.0.6668.58 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

PYSEC-2024-310

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

CVE-2024-53253 Sentry's improper error handling leaks Application Integration Client Secret

Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...

KLA77435 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Edge Chromium-based can be...

CVE-2022-20632

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...

CVE-2021-34751

A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This...

CVE-2022-20657

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly...

CVE-2022-20626 Cisco Prime Access Registrar Appliance Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device. This vulnerability i...

CVE-2022-20654 Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based...

IBM Concert 跨站脚本漏洞

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a cross-site scripting vulnerability that stems from allowing an unauthenticated attacker to embed arbitrary JavaScript code i...

CVE-2024-45642

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-45099

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

SUSE CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

PT-2024-31430 · Ibm · Ibm Security Reaqta

Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

The vulnerability of Microsoft Exchange Server servers, related to errors in information representation by the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Exchange Server servers is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to carry out spear-phishing attacks...

DEBIAN-CVE-2024-11111

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2024-11116

Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...