CVE-2023-49584
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-49578
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application...
KLA62391 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information and spoof the user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Outlook can be exploited remotely ...
KLA62390 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, and spoof the user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Connected Machine Agen...
PT-2023-7776 · Microsoft · Windows Dpapi +1
Name of the Vulnerable Software and Affected Versions: Windows DPAPI (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface in the Windows DPAPI component. This can allow a remote attacker to conduct spoofing attacks...
PT-2023-9082 · Extreme Networks · Extreme Networks Ap410C +1
Name of the Vulnerable Software and Affected Versions: Extreme Networks IQ Engine versions prior to 10.6r1a; Extreme Networks IQ Engine versions 10.6r1a through 10.6r4 before 10.6r5; Extreme Networks AP410C (affected versions not specified). Description: The issue arises from the ah webui service, whi...
KLA62388 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, overwrite arbitrary files, gain privileges, and spoof the user interface. Below is a complete list of...
PT-2023-7708 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface of the Windows DNS server. It allows a remote attacker to conduct spoofing attacks. Recommendations...
PT-2023-31263 · Sap · Sap Cloud Connector
Name of the Vulnerable Software and Affected Versions: SAP Cloud Connector version 2.0. Description: The issue allows an authenticated user with low privilege to perform a Denial of Service attack from an adjacent UI by sending a malicious request. This leads to a low impact on the availability of...
VulnCheck KEV: CVE-2022-24288
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI...
openSUSE 15 Security Update : libtorrent-rasterbar, qbittorrent (openSUSE-SU-2023:0391-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0391-1 advisory. - All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to...
Huawei HarmonyOS and EMUI PMS Module Privilege Management Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege management vulnerability exists in Huawei...
PT-2023-9648 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13. Description: The issue is related to a component of Oracle Trading Community, specifically the Party Search UI, and is associated with weaknesses in the authorization procedure. This...
PT-2023-9591 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.13. Description: The issue is related to a component of the Oracle Quoting product in Oracle E-Business Suite, specifically the User Interface, and is associated with weaknesses in the...
DEBIAN-CVE-2023-6512
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...
CVE-2023-42742
In sysui, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges needed...
CVE-2023-42022
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938...
CVE-2023-46174
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506...
CVE-2023-42009
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504...
CVE-2023-43015
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064...