8021 matches found
CVE-2022-42799
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing...
PYSEC-2022-42976
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
node-red-dashboard cross-site scripting vulnerability
node-red-dashboard is a package for quickly creating real-time data dashboards. A security vulnerability exists in node-red-dashboard that affects some unknown processing in the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler, which could...
Error: "File too large" when upload customized login schema xml file to ADC
1. When adding a login schema via the ADC CLI, the error below is shown: 2. When adding a login schema via, the GUI error below is shown:...
Tenable Network Security Nessus security vulnerability
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus. An attacker can exploit this vulnerability to read Nessus debug log file attachments from the web UI without proper privileges...
About the security content of Safari 16.1
This document describes the security content of Safari 16.1. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Vulnerability of user interface elements in Google Chrome and Microsoft Edge, allowing attackers to execute arbitrary code
The vulnerability of user interface elements in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
Oracle Primavera Unifier (Oct 2022 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management Apache Solr. Supported...
PT-2022-26675
Name of the Vulnerable Software and Affected Versions: Cobalt Strike version 4.7.1 Description: The issue arises from the failure to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI...
CVE-2022-33919
Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure vulnerability in GUI. An authenticated non-admin user could potentially exploit this vulnerability and view sensitive information...
Google Chrome resource management error vulnerability
Google Chrome is a web browser from Google, an American company. A use-after-free vulnerability exists in Google Chrome versions prior to 106.0.5249.119. The vulnerability stems from a use after free in the Permissions API, and can be exploited by a remote attacker to trick a user into...
CVE-2022-34430
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification...
PT-2022-5319 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in Microsoft Office packages. Exploitation of this issue may allow a remote attacker to...
PT-2022-25827 · Metro Ui · Metro Ui
Name of the Vulnerable Software and Affected Versions: Metro UI versions 4.4.0 through 4.5.1 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This occurs via a JavaScript function where user input is not properly sanitized before rendering in the textarea...
Dell Wyse ThinOS security vulnerability
Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS that stems from the inclusion of a regular expression denial of service vulnerability in the UI, which can be exploited by an administrator privileged attacker to cause a...
PT-2022-5022 · Fortinet · Fortimanager +1
Name of the Vulnerable Software and Affected Versions: FortiAnalyzer and FortiManager GUI versions 5.6.0 through 5.6.11 FortiAnalyzer and FortiManager GUI versions 6.0.0 through 6.0.11 FortiAnalyzer and FortiManager GUI versions 6.2.0 through 6.2.9 FortiAnalyzer and FortiManager GUI versions 6.4....
PYSEC-2022-42983
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...
Apache Airflow code issue vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...