Lucene search

8021 matches found

OSV
added 2023/04/13 9:3 a.m. · 2 views

SUSE-SU-2023:1830-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: spacewalk-java: - Version 4.3.52-1 Add more restricted arguments to prevent HTTP API logging sensitive data bsc1209386, bsc1209395 spacewalk-web: - Version 4.3.29-1 Fix datepicker appearing behind modal edge bsc1209703 Fix datepicker layout shift on Highsta...

7 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/13 12:0 a.m. · 2 views

PT-2023-2605 · NetGear · Netgear Srx5308

Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability was found in the Web Management Interface of Netgear SRX5308, due to insufficient input validation. This allows a remote attacker to conduct a cross-site scripting attack by...

4.8 CVSS · 4 AI score · 0.00605 EPSS
Exploits: 1 · References: 6

Tenable Nessus
added 2023/04/13 12:0 a.m. · 24 views

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-102-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-102-01 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and...

9.8 CVSS · 7.9 AI score · 0.00974 EPSS
Exploits: 0 · References: 14

Packet Storm
added 2023/04/12 12:0 a.m. · 263 views

Sielco Radio Link 2.06 Cross Site Request Forgery

CSRF Add Admin: --------------- input type="hidden" name="user2...

6.8 AI score
Exploits: 0

NVD
added 2023/04/11 6:15 p.m. · 13 views

CVE-2023-1939

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...

4.3 CVSS · 4.7 AI score · 0.00404 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/04/11 5:47 p.m. · 24 views

CVE-2023-1939 No access control for the OTP key on OTP entries

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface...

5 AI score · 0.00404 EPSS
Exploits: 0 · References: 1

BDU FSTEC
added 2023/04/11 12:0 a.m. · 3 views

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge relates to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

4.2 CVSS · 6.9 AI score · 0.00965 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Kaspersky
added 2023/04/11 12:0 a.m. · 32 views

KLA48841 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1...

9.8 CVSS · 9.9 AI score · 0.00974 EPSS
Exploits: 0 · References: 3

Kaspersky
added 2023/04/11 12:0 a.m. · 54 views

KLA48843 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability...

7.8 CVSS · 8.5 AI score · 0.01531 EPSS
Exploits: 0 · References: 11

Kaspersky
added 2023/04/11 12:0 a.m. · 133 views

KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface, bypass security restrictions. Below is a...

9.8 CVSS · 9.9 AI score · 0.95454 EPSS
Exploits: 22 · References: 85

Kaspersky
added 2023/04/11 12:0 a.m. · 59 views

KLA48839 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Security ...

9.8 CVSS · 9.7 AI score · 0.00974 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/04/11 12:0 a.m. · 3 views

PT-2023-2422 · Microsoft · Visual Studio

Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can allow an attacker to conduct spoofing attacks. It has been reported that...

5.5 CVSS · 5.4 AI score · 0.00543 EPSS
Exploits: 0 · References: 6

Kaspersky
added 2023/04/11 12:0 a.m. · 90 views

KLA48823 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Word can be exploited remotely to execute...

8.1 CVSS · 8.8 AI score · 0.06233 EPSS
Exploits: 10 · References: 15

CNNVD
added 2023/04/10 12:0 a.m. · 4 views

ServiceNow UI cross-site scripting vulnerability

ServiceNow UI is the display interface for ServiceNow. A cross-site scripting vulnerability exists in ServiceNow UI, which stems from a cross-site scripting (XSS) vulnerability...

6.1 CVSS · 5.8 AI score · 0.01089 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2023/04/07 12:0 a.m. · 3 views

The vulnerability of Google Chrome’s Picture In Picture technology, which allows a hacker to perform a spoofing attack

The vulnerability of Google Chrome’s Picture In Picture technology is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack using a specially created web page...

7.5 CVSS · 6.8 AI score · 0.00847 EPSS
Exploits: 0 · References: 5 · Affected Software: 2

OSV
added 2023/04/06 5:15 p.m. · 3 views

CVE-2023-0580

Insecure Storage of Sensitive Information vulnerability in ABB My Control System on-premise allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System...

9.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1

NVD
added 2023/04/06 5:15 p.m. · 12 views

CVE-2023-0580

Insecure Storage of Sensitive Information vulnerability in ABB My Control System on-premise allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System...

9.8 CVSS · 6.8 AI score · 0.00459 EPSS
Exploits: 0 · References: 1

Cvelist
added 2023/04/06 4:19 p.m. · 14 views

CVE-2023-0580 Information Disclosure vulnerability in My Control System (on-premise)

Insecure Storage of Sensitive Information vulnerability in ABB My Control System on-premise allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System...

5.4 CVSS · 9.8 AI score · 0.00459 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2023/04/06 12:0 a.m. · 3 views

PT-2023-2206 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in the representation of information by the user interface. It may allow a remote attacker to conduct spoofing attacks. Recommendations:...

6.1 CVSS · 9.3 AI score · 0.00965 EPSS
Exploits: 0 · References: 8

NVD
added 2023/04/05 4:15 p.m. · 20 views

CVE-2023-20068

A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient...

6.1 CVSS · 6 AI score · 0.0047 EPSS
Exploits: 0 · References: 1