The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is related to incorrect session duration due to repeated use of session tokens. Exploiting this vulnerability can allow an attacker operating remotely to gain...
The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps allows for CSRF attacks to be carried out.
The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is related to cross-site request forgery. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack by sending specially crafted GET requests...
ROS-20240814-05
A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Exploitatio...
Security Bulletin: IBM OpenPages may write sensitive information with System tracing enabled (CVE-2024-35117)
Summary: IBM OpenPages may write sensitive data to server log files when the 'UI API' tracing is enabled per the System Tracing feature. Vulnerability Details: CVEID: CVE-2024-35117. DESCRIPTION: IBM OpenPages may write sensitive information, under specific configurations, in clear text to the system...
KLA71479 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft PowerPoint can be exploit...
PT-2024-5820 · Fortinet · Fortiproxy +3
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy versions 7.2 all versions, 7.0 all versions; FortiPAM versions 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager versions...
PT-2024-29558 · IBM · IBM Common Licensing
Name of the Vulnerable Software and Affected Versions: IBM Common Licensing version 9.0. Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
PT-2024-6529 · Microsoft · Teams
Name of the Vulnerable Software and Affected Versions: Microsoft Teams for iOS (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. There is ...
KLA71481 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Azure CycleCloud can be exploited...
KLA71480 SUI vulnerability in Microsoft Dynamics
A cross-site scripting (XSS) vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2024-38211. Related products: Microsoft-Dynamics-365. CVE list: CVE-2024-38211 (critical). KB list: 5041557. Solution: Install necessary...
KLA71483 SUI vulnerability in Microsoft Apps
A spoofing vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to spoof user interface. Original advisories: CVE-2024-38177. CVE list: CVE-2024-38177 (critical). Solution: Install necessary updates from the KB section, that are listed in your Windows...
KLA71485 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, execute arbitrary code, cause denial of service, gain privileges, obtain sensitive information. Below is a...
KLA71482 Multiple vulnerabilities in Microsoft Mariner
Multiple vulnerabilities were found in Microsoft Mariner. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An out of bounds write vulnerability in grub can be exploited to exploited...
Moderate: gnome-shell security update
GNOME Shell acts as a compositing manager for the desktop, and displays both application windows and other objects. It provides core interface functions like switching windows, launching applications, and notifications. It takes advantage of the capabilities of modern graphics hardware and...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use resource API to access and modify all files in the machine even if they are not under resource path. Remediation Upgrade...
PT-2024-6100 · Zabbix +4 · Zabbix +4
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: The issue is related to incorrect code generation control in the Zabbix monitoring system. It allows a remote attacker to execute arbitrary code. Setting SMS media allows configuring a GSM...
Cisco Identity Services Engine Stored XSS Vulnerabilities (cisco-sa-ise-xss-V2bm9JCY)
According to its self-reported version, Cisco Identity Services Engine is affected by multiple stored cross-site scripting vulnerabilities. - A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack...
SUSE CVE-2024-6996
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2024-7003
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2024-7005
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. Chromium security severity: Low...