
8021 matches found

F5 Networks
added 2023/02/21 6:47 p.m., 27 views

K31044532: NGINX Controller vulnerability CVE-2020-5900

Security Advisory Description: Insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. CVE-2020-5900. Impact: An attacker can exploit this vulnerability by enticing a victim user to follow a malicious link. A successful exploit can allow the attacker to...

CVSS 8.8, AI score 8.6, EPSS 0.00452
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:34 p.m., 30 views

K13028514: NGINX Controller webserver vulnerability CVE-2020-5894

Security Advisory Description: The NGINX Controller webserver does not invalidate the server-side session token after users log out. CVE-2020-5894. Impact: An attacker that successfully extracted a valid session token can use it before it expires on the server-side, even if the valid user has logged...

CVSS 8.1, AI score 8.2, EPSS 0.01019
Exploits: 0, Affected Software: 1
F5 Networks
added 2023/02/21 6:15 p.m., 61 views

K31301245: TMUI CSRF vulnerability CVE-2020-5904

Security Advisory Description: A cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page. CVE-2020-5904. Impact: An attacker may be able to use the session of an administrator user to...

CVSS 8.8, AI score 8.5, EPSS 0.00557
Exploits: 0, Affected Software: 11
OSV
added 2023/02/21 3:53 p.m., 3 views

USN-5881-1 chromium-browser vulnerabilities

It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0702...

CVSS 8.8, AI score 7.2, EPSS 0.00883
Exploits: 0, References: 14
OSV
added 2023/02/21 2:15 p.m., 0 views

CVE-2023-25928

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646...

CVSS 5.4, AI score 5.7
Exploits: 0, References: 2
BDU FSTEC
added 2023/02/21 12:0 a.m., 7 views

The vulnerability of the Power BI report server, related to errors in information presentation by the user interface, allows a perpetrator to perform spear-phishing attacks.

The vulnerability of the Power BI report server is related to errors in the way information is presented by the user interface. Exploiting this vulnerability could allow a malicious actor to carry out spear-phishing attacks remotely...

CVSS 8.2, AI score 7.6, EPSS 0.00775
Exploits: 0, References: 2
OSV
added 2023/02/20 9:25 p.m., 8 views

MGASA-2023-0057 Updated thunderbird packages fix security vulnerability

User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616). Content security policy leak in violation reports using iframes (CVE-2023-25728). Screen hijack via browser fullscreen mode (CVE-2023-25730). Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767). Potential use-after-fr...

CVSS 8.8, AI score 7.9, EPSS 0.00817
Exploits: 0, References: 4
RedHat Linux
added 2023/02/20 12:21 p.m., 35 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8, AI score 6.9, EPSS 0.00817
Exploits: 0, References: 13
RedHat Linux
added 2023/02/20 12:21 p.m., 5 views

Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...

CVSS 6.5, AI score 7.3, EPSS 0.0049
Exploits: 0, References: 5
RedHat Linux
added 2023/02/20 12:21 p.m., 3 views

Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...

CVSS 6.5, AI score 7.3, EPSS 0.0049
Exploits: 0, References: 5
RedHat Linux
added 2023/02/20 12:20 p.m., 3 views

Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...

CVSS 6.5, AI score 7.3, EPSS 0.0049
Exploits: 0, References: 5
RedHat Linux
added 2023/02/20 12:15 p.m., 3 views

Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...

CVSS 6.5, AI score 7.3, EPSS 0.0049
Exploits: 0, References: 5
RedHat Linux
added 2023/02/20 12:14 p.m., 7 views

Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...

CVSS 6.5, AI score 7.3, EPSS 0.0049
Exploits: 0, References: 5
Tenable Nessus
added 2023/02/20 12:0 a.m., 25 views

RHEL 9 : thunderbird (RHSA-2023:0823)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0823 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fixes: Mozilla:...

CVSS 8.8, AI score 7.6, EPSS 0.00737
Exploits: 0, References: 26
Tenable Nessus
added 2023/02/20 12:0 a.m., 26 views

Debian dla-3324 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3324 advisory. Debian LTS Advisory DLA-3324-1...

CVSS 8.8, AI score 8.2, EPSS 0.00892
Exploits: 0, References: 42
OSV
added 2023/02/17 7:15 p.m., 4 views

CVE-2022-43579

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVSS 5.4, AI score 5.4, EPSS 0.00371
Exploits: 0, References: 2
OSV
added 2023/02/17 5:15 p.m., 4 views

CVE-2023-22868

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117...

CVSS 5.4, AI score 5.1
Exploits: 0, References: 2
CNNVD
added 2023/02/17 12:0 a.m., 3 views

IBM Sterling B2B Integrator cross-site scripting vulnerability

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. A cross-site scripting...

CVSS 5.4, AI score 6.1, EPSS 0.00371
Exploits: 0, References: 3
CNNVD
added 2023/02/17 12:0 a.m., 5 views

IBM Aspera Faspex cross-site scripting vulnerability

IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines (IBM). IBM Aspera Faspex version 4.4.1 contains a cross-site scripting vulnerability, which stems from a cross-site scripting vulnerability that could be exploited by an attacker ...

CVSS 5.4, AI score 6, EPSS 0.00405
Exploits: 0, References: 3
Positive Technologies
added 2023/02/17 12:0 a.m., 7 views

PT-2023-14258 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.7; IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.2.0. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI,...

CVSS 5.4, AI score 5.4, EPSS 0.00371
Exploits: 0, References: 4