
8021 matches found

BDU FSTEC
added 2023/05/19 12:0 a.m. · 7 views

The vulnerability in the `window.open` method of Mozilla Firefox, Focus for Android, Mozilla Firefox ESR, and the email client Thunderbird allows a hacker to conceal full-screen notifications and perform spoofing attacks.

The vulnerability of the window.open method in Mozilla Firefox, Focus for Android, Mozilla Firefox ESR, and the email client Thunderbird is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to conceal full-screen notifications...

CVSS 6.4 · AI score 6.3 · EPSS 0.00974
Exploits 0 · References 16 · Affected Software 9
CNNVD
added 2023/05/18 12:0 a.m. · 3 views

Cisco Small Business Security Vulnerability

Cisco Small Business is a switch from Cisco. A security vulnerability exists in Cisco Small Business Series Switches that stems from multiple vulnerabilities in the web-based user interface. An unauthenticated, remote attacker could exploit this vulnerability to cause a denial of service (DoS) or...

CVSS 9.8 · AI score 9.1 · EPSS 0.10282
Exploits 0 · References 4
Cvelist
added 2023/05/18 12:0 a.m. · 29 views

CVE-2023-20160 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVSS 8.6 · AI score 9.9 · EPSS 0.10282
Exploits 0 · References 1
Cvelist
added 2023/05/18 12:0 a.m. · 24 views

CVE-2023-20157 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVSS 8.6 · AI score 9.9 · EPSS 0.01183
Exploits 0 · References 1
CVE
added 2023/05/18 12:0 a.m. · 111 views

CVE-2023-20161

CVE-2023-20161 affects Cisco Small Business Series Switches and relates to multiple vulnerabilities in the web-based user interface. The root cause, as described, is improper validation of requests sent to the web interface, enabling an unauthenticated, remote attacker to cause a denial of servic...

CVSS 9.8 · AI score 9.7 · EPSS 0.10282
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/18 12:0 a.m. · 12 views

CVE-2023-20159 Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVSS 8.6 · AI score 8.1 · EPSS 0.10282
Exploits 0 · References 1
Cisco
added 2023/05/17 4:0 p.m. · 48 views

Cisco Small Business Series Switches Buffer Overflow Vulnerabilities

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVSS 9.8 · AI score 9.2 · EPSS 0.11101
Exploits 0 · References 1
ATTACKERKB
added 2023/05/17 4:0 p.m. · 5 views

CVE-2023-20161

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due t...

CVSS 9.8 · AI score 7.7 · EPSS 0.10282
Exploits 0 · References 2
OSV
added 2023/05/16 7:15 p.m. · 1 views

DEBIAN-CVE-2023-2722

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 · AI score 9.1 · EPSS 0.0085
Exploits 0 · References 1
RedHat Linux
added 2023/05/16 8:54 a.m. · 3 views

webkitgtk: issue was addressed with improved UI handling

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

CVSS 6.1 · AI score 5.7 · EPSS 0.01192
Exploits 0 · References 5
BDU FSTEC
added 2023/05/15 12:0 a.m. · 4 views

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows a hacker to perform a spoofing attack.

The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...

CVSS 5 · AI score 5.4 · EPSS 0.0109
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2023/05/14 12:0 a.m. · 38 views

AlmaLinux 9 : webkit2gtk3 (ALSA-2023:2256)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2256 advisory. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing...

CVSS 8.8 · AI score 7.9 · EPSS 0.34574
Exploits 2 · References 23
OSV
added 2023/05/12 6:15 p.m. · 3 views

CVE-2023-2458

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. Chromium security severity: High...

CVSS 8.8 · AI score 7.3 · EPSS 0.00515
Exploits 0 · References 2
OSV
added 2023/05/12 2:15 a.m. · 0 views

CVE-2023-28520

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 2
CNNVD
added 2023/05/12 12:0 a.m. · 3 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripti...

CVSS 6.1 · AI score 6.2 · EPSS 0.00528
Exploits 0 · References 5
Positive Technologies
added 2023/05/12 12:0 a.m. · 4 views

PT-2023-12346 · Ibm · Ibm Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1 through 11.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...

CVSS 6.1 · AI score 5.7 · EPSS 0.00528
Exploits 0 · References 4
VulnCheck KEV
added 2023/05/12 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2015-5317

Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages...

CVSS 7.5 · AI score 7.3 · EPSS 0.22429
Exploits 0 · References 1
CNNVD
added 2023/05/10 12:0 a.m. · 3 views

Seiko Solutions SkyBridge Trust Management Issue Vulnerability

Seiko Solutions SkyBridge is a series of routers from Seiko Solutions, Japan. A security vulnerability exists in Seiko Solutions SkyBridge MB-A200 firmware version 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware version 1.4.1 and earlier. An attacker could exploit the vulnerability to...

CVSS 6.5 · AI score 7.2 · EPSS 0.00456
Exploits 0 · References 7
CNNVD
added 2023/05/10 12:0 a.m. · 5 views

Seiko Solutions SkyBridge Security Vulnerability

Seiko Solutions SkyBridge is a series of routers from Seiko Solutions Japan. A security vulnerability exists in Seiko Solutions SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier versions. An attacker could exploit the vulnerability to decrypt the password of the product's WebUI...

CVSS 7.5 · AI score 7.7 · EPSS 0.00831
Exploits 0 · References 7
Positive Technologies
added 2023/05/10 12:0 a.m. · 4 views

PT-2023-19291 · Unknown · Skybridge Mb-A200 +1

Name of the Vulnerable Software and Affected Versions: SkyBridge MB-A200 versions 01.00.05 and earlier SkyBridge BASIC MB-A130 versions 1.4.1 and earlier Description: The issue is related to an improper following of a certificate's chain of trust, which may allow a remote unauthenticated attacker...

CVSS 6.5 · AI score 7 · EPSS 0.00456
Exploits 0 · References 9