8021 matches found

OSV
added 2023/09/29 8:15 a.m. · 1 view

UBUNTU-CVE-2023-3922

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...

CVSS 7.1 · AI score 5.8 · EPSS 0.00387
Exploits 0 · References 2

BDU FSTEC
added 2023/09/29 12:0 a.m. · 6 views

The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to perform spear-phishing attacks.

The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...

CVSS 9.4 · AI score 6.9 · EPSS 0.01603
Exploits 0 · References 4 · Affected Software 3

OSV
added 2023/09/28 4:15 p.m. · 1 view

DEBIAN-CVE-2023-5186

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. Chromium security severity: High...

CVSS 8.8 · AI score 7.3 · EPSS 0.00956
Exploits 0 · References 1

CNNVD
added 2023/09/28 12:0 a.m. · 3 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser from Google (USA). A resource management error vulnerability exists in Google Chrome prior to version 117.0.5938.132, which stems from a use-after-free flaw that allows remote attackers to potentially exploit heap corruption via a...

CVSS 8.8 · AI score 6.9 · EPSS 0.00956
Exploits 0 · References 8

CNNVD
added 2023/09/27 12:0 a.m. · 3 views

Palantir Security Breach

Palantir is a data platform from US-based Palantir that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Gotham that stems from the presence of a front-end UI error that causes newly...

CVSS 6.5 · AI score 6.7 · EPSS 0.00351
Exploits 0 · References 2

CNNVD
added 2023/09/27 12:0 a.m. · 3 views

Cisco IOS XE Software Input Validation Error Vulnerability

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from a flaw in th...

CVSS 8.8 · AI score 7.1 · EPSS 0.0074
Exploits 0 · References 2

BDU FSTEC
added 2023/09/26 12:0 a.m. · 6 views

The vulnerability of the Input component in the Google Chrome browser allows a hacker to replace the user interface.

The vulnerability of the Input component in Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...

CVSS 5 · AI score 5.5 · EPSS 0.00663
Exploits 0 · References 11 · Affected Software 5

CNNVD
added 2023/09/22 12:0 a.m. · 2 views

Cadence Design Systems GUI Security Vulnerability

Cadence Design Systems GUI is a graphical user interface (GUI) from Cadence Design Systems, Inc. to support its suite of Electronic Design Automation (EDA) software tools. A security vulnerability exists in Cadence Design Systems GUI version 0.9.2 and prior versions, which stems from the use of an...

CVSS 7.5 · AI score 6.9 · EPSS 0.00614
Exploits 1 · References 4

Citrix
added 2023/09/21 12:0 a.m. · 11 views

How to Remove the ETag Field from the HTTP Response Header Using a Rewrite Policy

This article contains information about removing the ETag field from the HTTP response header using a rewrite policy and action on a NetScaler appliance. Background: The rewrite policy and action are created using the Graphical User Interface (GUI). Note: Disabling a feature on a NetScaler applianc...

AI score 6.7
Exploits 0

OSV
added 2023/09/20 1:15 a.m. · 2 views

CVE-2023-25533

NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges...

CVSS 9.8 · AI score 5.8 · EPSS 0.00709
Exploits 0 · References 1

GithubExploit
added 2023/09/19 12:47 p.m. · 333 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 - Remote Code Execution in WinRAR RCE exp...

CVSS 7.8 · AI score 6.8 · EPSS 0.97798
Exploits 49

Positive Technologies
added 2023/09/19 12:0 a.m. · 4 views

PT-2023-20144 · Nvidia · Nvidia Dgx H100 Bmc

Name of the Vulnerable Software and Affected Versions: NVIDIA DGX H100 BMC (affected versions not specified)
Description: The NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to...

CVSS 9.8 · AI score 9.4 · EPSS 0.00709
Exploits 0 · References 9

SUSE CVE
added 2023/09/16 2:5 a.m. · 4 views

SUSE CVE-2023-4901

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 8.6 · EPSS 0.00717
Exploits 0 · References 4

SUSE CVE
added 2023/09/16 2:5 a.m. · 1 view

SUSE CVE-2023-4905

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 8.5 · EPSS 0.00681
Exploits 0 · References 4

BDU FSTEC
added 2023/09/14 12:0 a.m. · 4 views

The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to carry out spoofing attacks.

The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

CVSS 5.5 · AI score 6.7 · EPSS 0.0119
Exploits 0 · References 3

OSV
added 2023/09/12 9:15 p.m. · 1 view

DEBIAN-CVE-2023-4901

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 4.9 · EPSS 0.00717
Exploits 0 · References 1

OSV
added 2023/09/12 3:15 a.m. · 6 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731 - allow an attacker to inject JavaScript code that can be executed in the web application. An attacker could thereby control the behavior of...

CVSS 5.4 · AI score 6.1 · EPSS 0.00346
Exploits 0 · References 2

Positive Technologies
added 2023/09/12 12:0 a.m. · 1 view

PT-2023-8625 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.1
Description: The issue allows authenticated users who have access to see the task/dag in the UI to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be...

CVSS 7.1 · AI score 6.2 · EPSS 0.01476
Exploits 0 · References 17

CNNVD
added 2023/09/12 12:0 a.m. · 5 views

Apache Airflow Information Disclosure Vulnerability

Apache Airflow is an open source platform from the US-based Apache Foundation for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. An information disclosure vulnerability exists in Apache Airflow versions prior to...

CVSS 6.5 · AI score 5.9 · EPSS 0.01476
Exploits 0 · References 4

Positive Technologies
added 2023/09/12 12:0 a.m. · 3 views

PT-2023-5058 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified)
Description: The issue is related to errors in the representation of information by the user interface in Microsoft Office. It allows a remote attacker to conduct spoofing attacks...

CVSS 5.5 · AI score 9.2 · EPSS 0.0119
Exploits 0 · References 7