
8022 matches found

CNNVD
added 2022/06/02 12:0 a.m. · 4 views

Security vulnerability in multiple Dell products

Dell Unity and Dell UnityXT are both products of Dell, U.S.A. Dell Unity is a set of virtual Unity storage environments. Dell UnityXT is a set of virtual Unity storage environments. A security vulnerability exists in Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to...

CVSS 10 · AI score 8.3 · EPSS 0.01803
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2022/05/31 1:16 p.m. · 4 views

Malicious code in perfetto-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6100763973b89540aee1624736a341bc237fd9d4e58872345d6b8b8780fc754 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
Positive Technologies
added 2022/05/31 12:0 a.m. · 2 views

PT-2022-2864 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can allow a remote attacker to conduct spoofing attacks...

CVSS 5 · AI score 6.5 · EPSS 0.01742
Exploits: 0 · References: 7
Kaspersky
added 2022/05/31 12:0 a.m. · 34 views

KLA12546 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denia...

CVSS 9.8 · AI score 10 · EPSS 0.01055
Exploits: 0 · References: 3
Kaspersky
added 2022/05/31 12:0 a.m. · 126 views

KLA12548 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in...

CVSS 9.6 · AI score 9.9 · EPSS 0.01759
Exploits: 3 · References: 26
Kaspersky
added 2022/05/31 12:0 a.m. · 39 views

KLA12547 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denia...

CVSS 9.8 · AI score 10 · EPSS 0.01055
Exploits: 0 · References: 3
BDU FSTEC
added 2022/05/30 12:0 a.m. · 4 views

The vulnerability of the UI Foundations component in Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of the UI Foundations component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote location...

CVSS 10 · AI score 7.3 · EPSS 0.03002
Exploits: 1 · References: 6 · Affected Software: 4
NVD
added 2022/05/27 2:15 p.m. · 16 views

CVE-2022-20671

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 6.1 · EPSS 0.00685
Exploits: 0 · References: 1
Prion
added 2022/05/27 2:15 p.m. · 16 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 4.3 · AI score 5.9 · EPSS 0.00685
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2022/05/27 2:15 p.m. · 19 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 4.3 · AI score 5.9 · EPSS 0.00685
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2022/05/27 2:15 p.m. · 22 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 4.3 · AI score 5.9 · EPSS 0.00685
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2022/05/27 2:5 p.m. · 9 views

CVE-2022-20674 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 6.1 · AI score 6.1 · EPSS 0.00685
Exploits: 0 · References: 1
Vulnrichment
added 2022/05/27 2:5 p.m. · 13 views

CVE-2022-20672 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 6.1 · AI score 6.1 · EPSS 0.00685
Exploits: 0 · References: 1
Cvelist
added 2022/05/27 2:5 p.m. · 19 views

CVE-2022-20669 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 6.1 · AI score 6.1 · EPSS 0.00685
Exploits: 0 · References: 1
Vulnrichment
added 2022/05/27 2:5 p.m. · 9 views

CVE-2022-20669 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient...

CVSS 6.1 · AI score 6.1 · EPSS 0.00685
Exploits: 0 · References: 1
RedHat Linux
added 2022/05/26 4:25 p.m. · 3 views

jquery-ui: XSS in *Text options of the datepicker widget

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

CVSS 6.5 · AI score 6.7 · EPSS 0.07948
Exploits: 1 · References: 4
RedHat Linux
added 2022/05/26 4:25 p.m. · 5 views

jquery-ui: XSS in the 'of' option of the .position() util

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the 'of' option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the 'of' option is now treated as a CSS...

CVSS 6.5 · AI score 6.7 · EPSS 0.42847
Exploits: 2 · References: 4
Virtuozzo
added 2022/05/25 12:0 a.m. · 21 views

Virtuozzo Hybrid Infrastructure 5.1 (5.1.0-206)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers' interoperability and help to expand their services. The improvements cover compute services, security, core storage, and the user interface. Additionally, this release delivers...

AI score 0.8
Exploits: 0
OPENSUSE Linux
added 2022/05/24 12:0 a.m. · 51 views

Security update for cacti, cacti-spine (moderate)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2022:0145-1 Rating: moderate References: 1192408 1196692 Cross-References: CVE-2022-0730 CVSS scores: CVE-2022-0730 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux...

CVSS 9.8 · AI score 7.3 · EPSS 0.03458
Exploits: 0 · References: 2
Cvelist
added 2022/05/23 7:34 p.m. · 11 views

CVE-2021-32958 Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With acces...

CVSS 5.5 · AI score 6 · EPSS 0.00216
Exploits: 0 · References: 1