CVE-2021-39074
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
gnome-control-center bug fix and enhancement update
An update is available for gnome-control-center. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-control-center package contains configuration utilitie...
Motorola Solutions ACE1000 Data Forgery Vulnerability
The Motorola Solutions ACE1000 is a remote terminal unit (RTU) from Motorola Solutions USA. The Motorola Solutions ACE1000 RTU is vulnerable to a data forgery issue, which arises from an attacker communicating with the Motorola ACE1000 RTU via SSH or Web UI, who could push a malicious firmware imag...
The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.
The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...
CVE-2021-39047
IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
IBM Robotic Process Automation Cross-Site Scripting Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1 and 21.0.2 contain a cross-site scripting vulnerability th...
PT-2022-10865 · Ibm · Ibm Cognos Analytics +1
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics version 2.0 IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
The vulnerability of the Cast UI interface in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the Cast UI interface in Google Chrome and Microsoft Edge browsers is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Malicious Package
Overview remote-ui is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Open Redirect
Description The Greenlight end-user interface is vulnerable to an Open Redirect in the Login page because the value of the returnto cookie is not checked. Proof of Concept Original request example POST /gl/u/login HTTP/1.1 Host: demo.bigbluebutton.org Cookie:...
Red Hat OpenShift Security Feature Issue Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. Red Hat OpenShift GitOps 1.5 suffers from a Security Feature Issue vulnerability that stems from vulnerability to various attacks whe...
CVE-2022-22502
IBM Robotic Process Automation 21.0.1 and 21.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
The vulnerability of the Yandex Browser Lite browser for Android allows a hacker to replace the value of the URL bar with a spoofing IDN.
The vulnerability of the Yandex Browser Lite browser for Android is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to remotely replace values in the address bar using IDN spoofing techniques...
The vulnerability of the Microsoft Power BI component of the Microsoft On-Premises Data Gateway allows attackers to perform spoofing attacks.
The vulnerability of the Microsoft Power BI local data gateway’s component is related to errors in information presentation by the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
The vulnerability of the client device during the installation and preliminary configuration of new devices under Windows Autopilot of the Microsoft operating system allows attackers to perform spear-phishing attacks.
The vulnerability of the client software for installing and preliminarily configuring new devices under Windows Autopilot of the Microsoft operating system is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform...
Malicious code in merlin-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50d7dcf4fcdd9219988153659111f9f161edaceb483c6642ac3ef3c334038c31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in music-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c3e5a29f1e03c908a98561322b9a9d17c15b951f7e1a38ae5f4c3d82eb29ab4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in user-interface-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c5a0783b96928ab62b11cc5d3c6db94b32b6e990639a8727e1e0ae980d8caa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6864 Malicious code in user-interface-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c5a0783b96928ab62b11cc5d3c6db94b32b6e990639a8727e1e0ae980d8caa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in turicreate-user-interface (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 66815d0d6c4ce398580f69bbe13619f1625d74b8e19c5389f6157479e1f1b3d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...