8021 matches found
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Jetty
Summary: IBM Sterling Connect:Direct Browser User Interface uses Jetty server. Vulnerability Details: IBM X-Force ID: 260681. DESCRIPTION: Eclipse Jetty is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser. By using specially...
The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows attackers to carry out clickjacking attacks.
The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...
The vulnerability in the firmware of Siemens SCALANCE industrial switches, related to security mechanism errors, allows an intruder to alter the user interface.
The vulnerability in the firmware of Siemens SCALANCE industrial switches is related to security mechanism errors. Exploiting this vulnerability could allow a malicious actor to alter the user interface remotely...
CVE-2023-20265
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation ...
Malicious code in autocomplete-ui (npm)
Source: ghsa-malware (a9655da8503f9549c9411d13c7b5306dd5b29247b41ee5857561d74aa7c118dd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
KLA62070 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof the user interface, execute arbitrary code, cause denial of service, obtain sensitive information, and bypass security restrictions. Below is a complete list of vulnerabilities: 1. A spoofin...
KLA62090 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, and spoof the user interface. Below is a complete list of vulnerabilities: 1. Memor...
KLA62089 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof the user interface, obtain sensitive information, and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Out o...
ROS-20231115-04
Visual Studio Code source code editor vulnerability related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...
[SECURITY] Fedora 39 Update: podman-tui-0.12.0-1.fc39
podman-tui is a terminal user interface for Podman v4. podman-tui uses the podman.socket service to communicate with the podman environment and SSH to connect to remote podman machines...
Fedora: Security Advisory for podman-tui (FEDORA-2023-a5a5542890)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
The vulnerability of the User Interface Application Core in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the User Interface Application Core in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading a specially created file...
CVE-2023-5444
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker mu...
Open redirect
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL requests to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logg...
CVE-2023-5445
The CVE-2023-5445 open redirect affects Trellix ePolicy Orchestrator (ePO) before 5.10.0 CP1 Update 2. A low-privileged, authenticated user can modify a URL parameter to redirect requests to a malicious site, targeting the dashboard area. The vulnerability requires the attacker to alter the HTTP ...
CVE-2023-5444 CSRF in ePO leading to privilege escalation
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker mu...
SUSE CVE-2022-32919
The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing...
KLA61997 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof the user interface, execute arbitrary code, and cause denial of service. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Edge (Chromium-based) can be...
CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames...
UBUNTU-CVE-2023-23549
Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames...