CVE-2024-39717

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. Tenant level users do not have this privilege. The “Change Favicon” Favorite Icon...

CVE-2024-39717

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. Tenant level users do not have this privilege. The “Change Favicon” Favorite Icon...

CVE-2024-39717

Versa Director CVE-2024-39717: Unrestricted file upload via the Change Favicon feature is exposed to administrators (Provider-Data-Center-Admin/System-Admin) after authentication, allowing a .png file to masquerade as an image and potentially lead to remote code execution. Versa issued a security...

SUSE CVE-2024-7978

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2024-7981

Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2024-8035

Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVE-2024-39717

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. Tenant level users do not have this privilege. The “Change Favicon” Favorite Icon...

Google Chrome Permission Issues Vulnerability

Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from a privilege issue vulnerability that can be exploited by...

DEBIAN-CVE-2024-7981

Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2024-7978

Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-20488 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

CVE-2024-20488 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

CVE-2024-20488

Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) are affected by a cross-site scripting (XSS) vulnerability in their web-based management interface. The issue stems from improper input validation, allowing an unauthenticated, remote atta...

ROS-20240820-01

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of memory after its release. memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code using a specially crafted w...

ROS-20240820-11

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of memory after its release. memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code using a specially crafted w...

The vulnerability in the full-screen notification mode of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird allows a hacker to perform spoofing attacks.

The vulnerability in the full-screen notification mode of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird is related to an improper limitation on the number of user interface layers or frames displayed. Exploiting this vulnerability allows a malicious actor to perfo...

SUSE CVE-2024-22123

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbixserver will try to communicate with it as modem. As a result, log file will be broken with AT commands and...

The vulnerability of the user interface of Juniper Networks Junos OS allows a attacker to compromise the integrity of the protected information.

The vulnerability of the user interface of Juniper Networks Junos OS is related to the incorrect implementation of user interface security functions. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the integrity of the protected information...

CVE-2024-42360 Command Injection in sequenceserver

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...

The vulnerability of the user interface of the Oracle ZFS Storage Appliance Kit allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Oracle ZFS Storage Appliance Kit’s user interface is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP network protocol...