8022 matches found
CVE-2022-22320
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367...
Microsoft Tablet Windows User Interface Race Condition Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation, USA. A race condition vulnerability exists in the Microsoft Tablet Windows User Interface. The following products and versions are affected: Windows Server, version 20H2 Server Cor...
SUSE-SU-2022:1582-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. Fixed: Various stability, functionality, and security fixes MFSA 2021-40 bsc1190269, bsc1190274: CVE-2021-38492: Navigating to mk: URL scheme could load Internet Explor...
CVE-2022-23332
Command injection vulnerability in Manual Ping Form Web UI in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field...
Shenzhen Ejoin Information Technology Manual Ping Form Code Injection Vulnerability
Shenzhen Ejoin Information Technology Manual Ping Form is a manual ping form component from Shenzhen Ejoin Information Technology of Shenzhen, China. A code injection vulnerability exists in Manual Ping Form Web UI, which originates from a command injection issue in the Web UI of Manual Ping Form. A...
PT-2022-15936 · Shenzhen Ejoin Information Technology Co. · Acom532 +2
Name of the Vulnerable Software and Affected Versions: Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 versions 609-915-041-100-020 Description: A command injection issue exists in the Manual Ping Form of the Web UI, allowing a remote attacker to inject arbitrary code via ...
PT-2022-9852 · Hcl +1 · Hcl Bigfix Webui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a cookie without the HTTPONLY flag set. It is mentioned that NUMBER cookies was set without Secure or HTTPOnly flags. The images show...
CVE-2022-25780
Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope...
CVE-2022-25781
Cross-site Scripting XSS vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session...
CVE-2022-25778
Cross-Site Request Forgery CSRF vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session...
The vulnerability of Visual Studio Code’s source editor, related to errors in information representation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Visual Studio Code’s source editor is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
Secomea GateManager Security Vulnerability
Secomea GateManager is a remote access server product from the Danish company Secomea. A security vulnerability exists in versions prior to Secomea GateManager 9.7, which stems from improper handling of permissions in Secomea GateManager's Web UI, and could be exploited to allow logged-in users to...
CVE-2022-20628
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of...
CVE-2022-20628 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of...
KLA12521 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory safety...
KLA12522 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, execute arbitrary code. Below is a complete list of...
KLA12520 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory safety...
OPENSUSE-SU-2022:0123-1 Security update for opera
This update for opera fixes the following issues: Update to 86.0.4363.23: - CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127 - DNA-98236 Turn on snap-text-selection on all streams - DNA-98507 DCHECK at addressbarcontroller.cc547 - DNA-98528 Suggestions for internal pages...