CVE-2024-28772
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
Huawei EMUI and Huawei HarmonyOS security vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is an operating system... An access control vulnerability exists in Huawei EMUI and Huawei HarmonyOS. The vulnerability arises because the...
PT-2024-29124 · Unknown · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.07. Description: The issue is a cross-site scripting vulnerability in the Secure Access administrative console. Attackers with system administrator permissions can interfere with another system...
Huawei EMUI and Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
Huawei EMUI and Huawei HarmonyOS security vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is an operating system... An elevation of privilege vulnerability exists in Huawei EMUI and Huawei HarmonyOS, which stems from improper...
Huawei EMUI and Huawei HarmonyOS security vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is an operating system... A memory request logic vulnerability exists in Huawei EMUI and Huawei HarmonyOS. The vulnerability stems from a memo...
PT-2024-5256 · Ibm · Ibm Security Directory Integrator +1
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator version 7.2.0; IBM Security Verify Directory Integrator version 10.0.0. Description: The issue is related to stored cross-site scripting in the web interface of the affected software, allowing users to embed...
The vulnerability of Siemens LOGO programmable logic controllers’ software lies in the improper implementation of security functions for the user interface, allowing attackers to gain access to the controller.
The vulnerability of Siemens LOGO programmable logic controllers’ built-in software is related to the incorrect implementation of security functions for the user interface. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the controller...
PT-2024-5286 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.72; Microsoft Edge affected versions not specified. Description: The issue is related to a use after free vulnerability in the User Education component of Google Chrome and Microsoft Edge, which can le...
PT-2024-5285 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.72; Microsoft Edge affected versions not specified. Description: The issue is related to inappropriate implementation in the FedCM component, which is associated with inadequate access control. This...
PT-2024-5299 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.72; Microsoft Edge affected versions not specified. Description: The issue is related to a use after free in CSS, which can lead to heap corruption. A remote attacker could potentially exploit this by...
Vulnerability fixed in Cisco Smart Software Manager On-Prem
Cisco has fixed a vulnerability in Cisco SSM On-Prem (formerly known as Cisco Smart Software Manager Satellite, SSM Satellite). The vulnerability allows an unauthenticated malicious person with access to Cisco Smart Software Manager On-Prem to change users' passwords by sending an HTTP request. If...
CVE-2024-28796
IBM ClearQuest CQ 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
KLA70898 SUI vulnerability in Microsoft Browser
A spoof user interface vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to spoof the user interface. Original advisories: CVE-2024-38156. Related products: Microsoft-Edge. CVE list: CVE-2024-38156 (high). Solution: Install necessary updates from the Settings and more...
PT-2024-5456 · Ibm · Ibm Clearquest
Name of the Vulnerable Software and Affected Versions: IBM ClearQuest versions 9.1 through 9.1.0.6. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
IBM Rational ClearQuest cross-site scripting vulnerability
IBM Rational ClearQuest (IBM Rational CQ) is change management software from International Business Machines (IBM). It can help increase developer productivity while providing methods, processes, and tools that are best suited for project and team personnel. A cross-site scripting vulnerability...
DEBIAN-CVE-2024-3172
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2024-21155
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: User Interface). The supported version that is affected is 8.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit...
KLA70479 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, spoof user interface, gain privileges, obtain sensitive information...