CVE-2023-42015
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI, potentially leading to sensitive information disclosure. IBM X-Force ID: 265512...
IBM Security Guardium Cross-Site Scripting Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as customizable UI, report management, and streamlined audit process building. A cross-site scripting vulnerability exists in IBM...
KLA62519 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. Security vulnerability in Symlinks...
KLA62517 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Security...
KLA62518 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject malicious code, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service. Below is a complete list of...
The vulnerability of Windows DPAPI, a component of the Windows operating system, allows attackers to perform spoofing attacks.
The vulnerability of Windows DPAPI on the Windows operating system is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
The vulnerability of Azure DevOps Server’s software development tools, related to information representation errors in the user interface, allows attackers to bypass security restrictions and execute cross-site scripting attacks.
The vulnerability of Azure DevOps Server relates to errors in information presentation by the user interface. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and perform cross-site scripting attacks...
IBM UrbanCode Deploy Security Vulnerabilities
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
The vulnerability of the Microsoft Office for Mac software, related to errors in user interface information representation, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Office for Mac software is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of Windows operating system DNS servers, which allows attackers to perform spoofing attacks
The vulnerability of DNS servers in Windows operating systems is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform spoofing attacks remotely...
GHSA-7654-VFH6-RW6X Remote code execution from account through SearchAdmin
Impact The search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and...
Remote code execution from account through SearchAdmin
Impact The search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and...
UBUNTU-CVE-2023-5512
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from the fact that file...
PT-2023-32144 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.3 through 16.4.3 GitLab CE/EE versions 16.5 through 16.5.3 GitLab CE/EE versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab CE/EE where file integrity may be compromised when specific HTML...
PT-2023-29889 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.3 through 6.1.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trust...
The vulnerability of the Microsoft Power Platform Connector’s application programming interface, related to errors in information representation by the user interface, allows a hacker to perform a spear-phishing attack.
The vulnerability of the Microsoft Power Platform Connector’s application programming interface is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out a spear-phishing attack by sending the user a specially...
How to change time zone on NetScaler from GUI
This document is about how to change time zone on NetScaler...
KLA62433 SUI vulnerability in Microsoft Azure
A spoofing vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2023-21751 Related products Microsoft-Azure CVE list CVE-2023-21751 high KB list Solution Install necessary updates from the KB section, that are...
CVE-2023-48429
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...