8021 matches found
OPENSUSE-SU-2023:0096-1 Security update for liferea
liferea was updated to version 1.14.1: + Fix CVE-2023-1350 - Remote code execution on feed enrichment (boo#1209190). Update to version 1.14.0: + New 'Reader mode' preference that allows stripping all web content + Implement support for WebKit's Intelligent Tracking Protection + New progress bar when...
The vulnerability of the Fluentd data collector and its browser-based manager, fluentd-ui, stems from the default use of a standard password. This allows attackers to execute arbitrary code.
The vulnerability of Fluentd and its browser manager, fluentd-ui, is related to the default use of a standard password. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of Windows operating systems, related to errors in information representation by the user interface, allows attackers to perform spear-phishing attacks
The vulnerability of Windows operating systems is related to errors in information representation by the user interface. Exploiting this vulnerability allows attackers to perform spear-phishing attacks using a specially created malicious HTA file...
IBM WebSphere Application Server cross-site scripting vulnerability
IBM WebSphere Application Server is an application server product. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WebSphere Application Server. The vulnerability...
The vulnerability of the Microsoft Visual Studio software allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Visual Studio software relates to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
WordPress Plugin Custom Post Type UI cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
[SECURITY] Fedora 36 Update: insight-13.0.50.20220502-9.fc36
Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...
Fedora: Security Advisory for insight (FEDORA-2023-8a6a30c142)
The remote host is missing an update for the...
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information Exploit
Exploit Title: Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py https://swagger-page.c...
ROS-20230420-03
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries when checking the number of available bytes of regulated threads...
ROS-20230420-04
A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client on Windows operating systems is related to insufficient protection of service data when processing a request to save files via the "Save As" dialog box...
PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...
GHSA-C23V-VQW5-52C5 PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...
CVE-2023-28124
Improper usage of symmetric encryption in UI Desktop for Windows Version 0.59.1.71 and earlier could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later...
CVE-2023-29922
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface...
Oracle Primavera Unifier (Apr 2023 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management FreeType. Supported versions...
CVE-2022-43378
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 V4.7.0 and prior...
Oracle Linux 9 : thunderbird (ELSA-2023-1809)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-1809 advisory. 102.10.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.10.0-2 - Update to 102.10.0 build2 102.10.0-...
CVE-2023-29213 org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of org.xwiki.platform:xwiki-platform-logging-ui it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image wi...
Thunderbird: Hang when processing certain OpenPGP messages
The Mozilla Foundation Security Advisory describes this flaw as: Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. Th...