8021 matches found
UBUNTU-CVE-2023-2013
An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display a...
PT-2023-14815 · Syncthing +2
Name of the Vulnerable Software and Affected Versions: Syncthing versions prior to 1.23.5 Description: The issue concerns a stored cross-site scripting attack in Syncthing, an open-source continuous file synchronization program. A compromised instance with shared folders could sync malicious file...
The vulnerability of Mozilla Firefox and Focus for Android, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Mozilla Firefox and Focus for Android browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks using a specially created cookie file...
CVE-2023-0616
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this...
Design/Logic Flaw
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can...
Wallpaper security vulnerability
Wallpaper is a wallpaper application from Wallpaper Inc. A security vulnerability exists in Wallpaper version 12, which stems from a vulnerability that allows an attacker to force the application to load a malicious image URL and display it in the UI by injecting data, ultimately resulting in a...
Glitter Unicorn Wallpaper security vulnerability
Glitter unicorn wallpaper is a wallpaper application. A security vulnerability exists in Glitter Unicorn Wallpaper versions 7.0 through 8.0, which stems from a vulnerability that allows an unauthorized application to actively request permissions to insert data into a database, which could allow a...
KLA49331 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. Out of bounds write vulnerability in Swiftshader can b...
ToUI security vulnerability
ToUI is a Python package for creating user interfaces (websites and desktop applications) from HTML. A security vulnerability exists in ToUI versions 2.0.1 through 2.4.0 that stems from the use of the website.uservars attribute...
The vulnerability in the ChromeOS Camera browser component of Google Chrome operating systems and ChromeOS/Flex allows a hacker to execute arbitrary code.
The vulnerability of the ChromeOS Camera browser component in Google Chrome operating systems and ChromeOS/ChromeOS Flex is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through certain interactions with the user...
HUAWEI EMUI/Magic UI input validation error vulnerability
Huawei EMUI and Huawei Magic UI are both products of Huawei, a Chinese company. Huawei EMUI is a mobile operating system based on Android. Huawei Magic UI is a smart device operating system. A security vulnerability exists in HUAWEI EMUI/Magic UI. The vulnerability stems from an integer overflow iss...
The vulnerability of Firefox and Firefox ESR browsers, related to information representation errors in the user interface, allows attackers to perform spoofing attacks.
The vulnerability of Firefox and Firefox ESR browsers is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
M-Files security vulnerability
M-Files is an innovative metadata-driven document management platform from M-Files, Inc. A security vulnerability exists in M-Files Client prior to version 23.5.12598.0, which stems from a lack of access rights checking that allows elevation of privileges via UI application extensions...
The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to information representation errors in the user interface. These vulnerabilities allow attackers to perform spoofing attacks.
The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow a malicious actor to perform a spear-phishing attack by manipulating the URL field...
Update now: 9 vulnerabilities impact Cisco Small Business Series
Vulnerabilities have been found and fixed in the web-based user interface of various Cisco products in the Small Business Series. These nine issues are tied to the web-based user interface of the products, and in a worst case scenario could lead to denial of service (DoS) conditions or arbitrary co...
CVE-2023-28529
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Cisco Releases Security Advisory for Small Business Series Switches
Cisco released a security advisory to address multiple vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition or execute arbitrary code wit...
The vulnerability of the Traffic Management User Interface (TMUI) of the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, and BIG-IP Domain Name System programs allows attackers to execute cross-site scripting attacks.
The vulnerability of the Traffic Management User Interface (TMUI) of the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, and BIG-IP Domain Name System software programs is related to the lack o...