Security Bulletin: Multiple vulnerabilities in jQuery affect IBM Tivoli Netcool Impact
Summary jQuery is shipped with IBM Tivoli Netcool Impact as part of its user interface. Information about security vulnerabilities affecting jQuery has been published in a security bulletin. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site...
PT-2023-31945 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 Description: An issue has been discovered in GitLab that allows a malicious actor to bypass prohibited branch checks using a specially...
PT-2023-28666 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2023-29886 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted sessio...
PT-2023-28212 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
The vulnerability of the Jupyter extension in Microsoft Visual Studio’s software development environment allows attackers to perform spear-phishing attacks.
The vulnerability of the Jupyter extension in Microsoft Visual Studio relates to errors in information presentation on the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
CVE-2023-2265
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more...
[SECURITY] Fedora 39 Update: qbittorrent-4.6.1-1.fc39
A Bittorrent client using rblibtorrent and a Qt6 Graphical User Interface. It aims to be as fast as possible and to provide multi-OS, unicode support...
mailcow dockerized cross-site scripting vulnerability
mailcow is a mail server suite. A cross-site scripting (XSS) vulnerability exists in the Quarantine UI of mailcow dockerized, which can be exploited by an attacker who sends a crafted email containing malicious JavaScript code...
Schweitzer Engineering Laboratories SEL-411L Security Vulnerability
Schweitzer Engineering Laboratories SEL-411L is a state-of-the-art line differential protection, automation and control system from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in the Schweitzer Engineering Laboratories SEL-411L that stems from improper restrictions o...
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...
The vulnerability of the customer feedback management application of Microsoft Dynamics 365, related to errors in information presentation on the user interface, allows attackers to perform spoofing attacks.
The vulnerability of the customer feedback management application of Microsoft Dynamics 365 involves information representation errors in the user interface. Exploiting this vulnerability could allow a malicious actor to perform a spoofing attack remotely...
gnome-shell bug fix update
An update is available for gnome-shell. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. GNOME Shell acts as a compositing manager for the desktop, and displays...
Improper Neutralization of Input in Advanced User Interface for Jolt
Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...
CVE-2023-5607
An improper limitation of a path name to a restricted directory path traversal vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI...
Path traversal
An improper limitation of a path name to a restricted directory path traversal vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI...
The vulnerability of the HTTPS-only Mode setting in the Firefox browser allows attackers to carry out clickjacking attacks.
The vulnerability of the HTTPS-only Mode setting in the Firefox browser is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Browser User Interface uses Eclipse Jetty server. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the...