KLA50559 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in Diagcab files can be exploited to...

CVE-2023-34658

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVE-2023-34658

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVE-2023-34658

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVE-2023-34658

Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController...

CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...

CVE-2023-2625

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...

CVE-2023-2625

CVE-2023-2625 (CoreTec 4) : The provided documents describe a command-injection vulnerability in Hitachi Energy TXpert Hub CoreTec 4. An authenticated client on the same network segment (with any access level from VIEWER to ADMIN) can inject shell commands through a specific field in the web UI, ...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from Google Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing bounds check in the setProfileName of the DevicePolicyManagerService.java file, which may cause the SystemUI menu to crash...

PT-2023-20563 · Coretec 4 · Coretec 4

Name of the Vulnerable Software and Affected Versions: CoreTec 4 affected versions not specified Description: A vulnerability exists that can be exploited by an authenticated client connected to the same network segment as the system, with any level of access from VIEWER to ADMIN. The attacker ca...

CVE-2023-32339

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow has a security...

CVE-2023-36631

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked usi...

CVE-2023-36631

Malwarebytes Binisoft Windows Firewall Control (wfc.exe) version 6.9.2.0 is affected by a lack of access control that lets local, unprivileged users bypass Windows Firewall restrictions through the Rules tab in the UI. The vendor notes this as intended behavior when the application is password-lo...

CVE-2023-36631

Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked usi...

The vulnerability of microprogramming software in programming and hardware environments for monitoring and security protection of IT infrastructure arises from the implementation of physical threats. This vulnerability is related to incorrect restrictions on the visible layers or frames of the user interface. This allows attackers to compromise data integrity.

The vulnerability of the microprogramming software used in IT infrastructure monitoring and security monitoring hardware devices in NetBotz 4 is related to incorrect restrictions on the layers or frames that can be visualized in the user interface. Exploiting this vulnerability could allow a...

The software vulnerabilities of the EcoStruxure EV Charging Expert parking charging stations allow a violator to modify system settings or user accounts.

The vulnerability of the EcoStruxure EV Charging Expert parking charging station software is related to incorrect restrictions on the visible layers or frames of the user interface. Exploiting this vulnerability could allow an attacker to remotely modify system settings or user accounts...

CVE-2023-23344

A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page...

IBM QRadar SIEM 跨站脚本漏洞

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

Wordfence 7.10.0 Released!

Wordfence remains the number one security plugin of choice for website owners serious about protecting their investment and their customers. Our Threat Intelligence team and engineering team stay abreast of the newest threats and ensure that Wordfence is able to protect against them. But keeping ...