PT-2023-8376 · IBM · IBM QRadar SIEM
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5.0. Description: The issue is related to a lack of protection for the web page structure in the IBM QRadar SIEM system, allowing a remote attacker to bypass restrictions on executing JavaScript. This can lead to the...
ALSA-2023:6340 Moderate: xorg-x11-server security and bug fix update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability...
Huawei HarmonyOS and EMUI Information Disclosure Vulnerability (CNVD-2023-88960)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI have an information disclosu...
Huawei HarmonyOS and EMUI Privilege Management Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI have a privilege management...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform 3.5-milestone-1 and later versions, which stems from a security vulnerability in the component...
Proofpoint Enterprise Protection Cross-Site Scripting Vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect email. A security vulnerability exists in Proofpoint Enterprise Protection that stems from a stored cross-site scripting (XSS) vulnerability in AdminUI...
CVE-2023-46381
LOYTEC LINX-151, LINX-212, LVIS-3ME12-A1, LIOB-586, LIOB-580 V2, LIOB-588, L-INX Configurator devices all versions lack authentication for the preinstalled version of LWEB-802 via an lweb802pre/ URI. An unauthenticated attacker can edit any project or create a new project and control its GUI...
OPENSUSE-SU-2023:0352-1 Security update for virtualbox
This update for virtualbox fixes the following issues: - Version bump to VirtualBox 7.0.12 released October 17 2023 by Oracle Fixes the following: - CVE-2023-22098 boo1216363 - CVE-2023-22099 boo1216364 - CVE-2023-22100 boo1216365 This is a maintenance release. The following items were fixed and/...
Cross site scripting
Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...
SUSE CVE-2023-5856
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
Huawei HarmonyOS Buffer Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. Huawei HarmonyOS and EMUI suffer from an out-of-bounds...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A security bypass vulnerability exists in Huawei...
KLA61868 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, or spoof the user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Side Panel can be exploited to caus...
CVE-2023-5854
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. Chromium security severity: Medium...
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software releas...
Plesk Obsidian hosting platform user interface vulnerability that allows an attacker to redirect users to arbitrary websites
A vulnerability in the user interface of the Plesk Obsidian web hosting platform involves URL redirection to an untrusted website. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary websites by sending a specially crafted “Host” header in HTTP requests...
Google Chrome Downloads component vulnerability that allows attackers to perform spear-phishing attacks
A vulnerability in the Downloads component of the Google Chrome browser is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
CVE-2023-40050
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...
Remote code execution
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...