KLA12351 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use aft...

The vulnerability of the Windows Installer component on Microsoft Windows operating systems, which allows attackers to perform spoofing attacks

The vulnerability of the Windows Installer component in Microsoft Windows operating systems is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

The vulnerability of the Active Directory Federation Services (ADFS) service on Microsoft Windows operating systems, which allows attackers to perform spear-phishing attacks

The vulnerability of the Active Directory Federation Services ADFS for Microsoft Windows operating systems is related to information representation errors at the user interface level. Exploiting this vulnerability could allow a malicious actor to perform spear-phishing attacks remotely...

CVE-2021-38982

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

The vulnerability of the Windows Installer component on Microsoft Windows operating systems, which allows attackers to perform spoofing attacks

The vulnerability of the Windows Installer component in Microsoft Windows operating systems is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

PT-2021-7885 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 96.0.4664.45 Description: The issue is related to the Cast UI interface in Google Chrome, where errors in information representation by the user interface can be exploited. This can allow a remote attacker to...

CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

CVE-2021-26558

Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0...

IBM Security SiteProtector System 跨站脚本漏洞

IBM Security SiteProtector System is a centralized management system from IBM USA. It is used for unified management and analysis of network, server and desktop endpoint security agents and small networks or appliances. A security vulnerability exists in the IBM SiteProtector Appliance that allow...

November 9, 2021—KB5007236 (Monthly Rollup)

November 9, 2021—KB5007236 Monthly Rollup Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. Important: Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the end ...

Schneider Electric Eurotherm by Schneider Electric GUIcon 资源管理错误漏洞

Schneider Electric Eurotherm by Schneider Electric GUIcon is a suite of graphical user interface programming software from Schneider Electric France. Schneider Electric Eurotherm by Schneider Electric GUIcon suffers from a resource management error vulnerability that originates when a malicious...

KLA12342 Multiple vulnerabilities in Microsoft Server Software

Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange...

PT-2021-5262 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks. This can affect the...

KLA12344 SUI vulnerability in Microsoft SQL Server

A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2021-41372 Related products Microsoft-Power-BI CVE list CVE-2021-41372 critical KB list 5007903 Solution Install necessary updates from the K...

KLA12349 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Edge can be exploited remotely to spoof user interface...

PT-2021-5087 · Microsoft · Exchange Server

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, allowing for spoofing attacks. It enables a remote attacker to affect the system...

KLA12338 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Azure RTOS can be exploited...

PT-2021-5002 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chrome based affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in Microsoft Edge's IE Mode. It may allow a remote attacker to conduct spoofing...

CVE-2020-4153

IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1742...

IBM Security Guardium 跨站脚本漏洞

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as customized UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium, which ca...