[SECURITY] [DSA 5273-1] webkit2gtk security update
Debian Security Advisory DSA-5273-1 · https://www.debian.org/security/ · Alberto Garcia · November 08, 2022 · https://www.debian.org/security/faq ...
webkitgtk: malicious content may lead to UI spoofing
A vulnerability was found in webkit. This issue occurs when visiting a website that frames malicious content, which may lead to UI spoofing...
PT-2022-5450 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Foundation, SharePoint Server, and SharePoint Enterprise Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It may allow a remote...
Huawei EMUI Input Validation Error Vulnerability
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei. A denial of service vulnerability exists in Huawei EMUI 12.0.0, which stems from a lack of parameter type validation in the DRM module, and can be exploited by an attacker to affect the...
PT-2022-5629 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to perform a spoofing attack. This c...
KLA20044 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A remote code execution...
Object First Security Feature Issue Vulnerability
Object First is a Veeam best-of-breed storage solution from Object First. A security feature issue vulnerability exists in Object First version 1.0.7.712, which stems from JWT tokens using keys generated by functions that do not produce cryptographically strong sequences, which can be predicted b...
CVE-2022-30615
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592...
CVE-2022-35642
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592...
PT-2022-22937 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2022-20207 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
IBM InfoSphere Information Server Cross-Site Scripting Vulnerability
IBM InfoSphere Information Server is a data integration platform from IBM in the United States. The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server version 11.7 contains a cross-site scripting vulnerability. An attacker could...
The vulnerability of Microsoft Office packages, related to errors in information representation by the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Office packages is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...
DEBIAN-CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...
DEBIAN-CVE-2022-3318
Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. Chromium security severity: Low...
CVE-2022-3311
Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...