
8021 matches found

ATTACKERKB
added 2022/07/27 10:15 p.m. | 3 views

CVE-2022-1860

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions...

CVSS 8.8 | AI score 7.4 | EPSS 0.00663
Exploits: 0 | References: 4

NVD
added 2022/07/27 10:15 a.m. | 18 views

CVE-2022-2310

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...

CVSS 10 | EPSS 0.01014
Exploits: 0 | References: 1

CVE
added 2022/07/27 9:20 a.m. | 58 views

CVE-2022-2310

CVE-2022-2310 affects Skyhigh SWG. An authentication bypass allows remote login to the admin UI due to improper whitelisting of bypass methods and a weak crypto password. Affected versions include Skyhigh SWG 8.x–8.2.27, 9.x–9.2.22, 10.x–10.2.11, and 11.x–11.2.0. Remediation: upgrade to 8.2.28+, ...

CVSS 10 | AI score 9.6 | EPSS 0.01014
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/07/27 9:20 a.m. | 27 views

CVE-2022-2310 Skyhigh SWG Authentication bypass vulnerability

An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of...

CVSS 10 | AI score 9.7 | EPSS 0.01014
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/26 11:15 p.m. | 2 views

CVE-2022-30272

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...

CVSS 7.2 | AI score 7 | EPSS 0.00372
Exploits: 0 | References: 3

OSV
added 2022/07/26 10:15 p.m. | 2 views

DEBIAN-CVE-2022-1634

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions...

CVSS 8.8 | AI score 8.2 | EPSS 0.00663
Exploits: 0 | References: 1

OSV
added 2022/07/26 10:15 p.m. | 1 views

DEBIAN-CVE-2022-1640

Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.2 | EPSS 0.00721
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/26 10:15 p.m. | 3 views

CVE-2022-1634

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions...

CVSS 8.8 | AI score 7.3 | EPSS 0.00663
Exploits: 0 | References: 4

ATTACKERKB
added 2022/07/26 10:15 p.m. | 3 views

CVE-2022-1495

Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page...

CVSS 4.3 | AI score 5.9 | EPSS 0.00569
Exploits: 1 | References: 4

ATTACKERKB
added 2022/07/26 10:15 p.m. | 3 views

CVE-2022-1633

Use after free in Sharesheet in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions...

CVSS 8.8 | AI score 7.4 | EPSS 0.00669
Exploits: 0 | References: 4

OSV
added 2022/07/26 10:15 p.m. | 0 views

UBUNTU-CVE-2022-1640

Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 5.8 | EPSS 0.00721
Exploits: 0 | References: 2

Kaspersky
added 2022/07/26 12:0 a.m. | 108 views

KLA12594 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Security ...

CVSS 9.8 | AI score 9.5 | EPSS 0.00748
Exploits: 0 | References: 3

OSV
added 2022/07/23 12:15 a.m. | 1 views

DEBIAN-CVE-2022-1143

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools...

CVSS 8.8 | AI score 7.8 | EPSS 0.00723
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/23 12:15 a.m. | 4 views

CVE-2022-1131

Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.2 | EPSS 0.00745
Exploits: 1 | References: 4

OSV
added 2022/07/23 12:15 a.m. | 2 views

UBUNTU-CVE-2022-1142

Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools...

CVSS 8.8 | AI score 7.2 | EPSS 0.00637
Exploits: 0 | References: 2

OSV
added 2022/07/22 4:15 p.m. | 4 views

CVE-2022-2511

Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL...

CVSS 6.1 | AI score 5.9 | EPSS 0.0039
Exploits: 0 | References: 1

CNNVD
added 2022/07/22 12:0 a.m. | 4 views

BlueSpice cross-site scripting vulnerability

BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in the BlueSpice 4.x series of releases, which stems from a commonuserinterface component that allows an attacker to inject arbitrary HTML into a page using the title parameter of the...

CVSS 6.1 | AI score 6.4 | EPSS 0.0039
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2022/07/21 4:51 p.m. | 2 views

Malicious code in deere-ui-framework (npm)

Source: ghsa-malware c6940c9549e013e891d99e764d6bb8489338b51a629bb4f4c4976b3b34213927. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

RedHat Linux
added 2022/07/21 12:34 p.m. | 83 views

Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.1]

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

CVSS 8.1 | AI score 7 | EPSS 0.04534
Exploits: 2 | References: 6

Cvelist
added 2022/07/21 4:5 a.m. | 15 views

CVE-2022-20916 Cisco IoT Control Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly...

CVSS 6.1 | AI score 6.1 | EPSS 0.00567
Exploits: 0 | References: 1