Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP (Enterprise Resource Planning Management), HR (Human Resource Management), CRM (Customer Relationship Management) and other applications that are seamlessly integrated into one management suite...
OPENSUSE-SU-2021:3451-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Release 91.2.0 ESR: Fixed: Various stability, functionality, and security fixes MFSA 2021-45 bsc1191332: CVE-2021-38496: Use-after-free in MessageTask CVE-2021-38497:...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-90909)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization. A reflective cross-site scripting vulnerability exists in the generic user interface of versions of Nagios XI prior to 5.8.4. An...
The vulnerability of Microsoft SharePoint Server’s software packages, related to errors in information presentation by the user interface, allows attackers to carry out spoofing attacks.
The vulnerability of Microsoft SharePoint Server packages is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow a malicious actor to carry out spoofing attacks remotely...
The vulnerability of Microsoft SharePoint Server packages, related to errors in information presentation by the user interface, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Microsoft SharePoint Server packages is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Cross site scripting
The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload...
com.beirtipol:jfixtools-reporting (=1.0-BETA), com.beirtipol:jfixtools-ui-vaadin (=1.0-BETA) +109 more potentially affected by CVE-2021-31412 via com.vaadin:flow-server (>=3.0.0 <=6.0.1)
com.vaadin:flow-server MAVEN version =3.0.0, =1.1.6, =15.0.0, =15.0.0, =0.17.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.0.0, =6.0.1 and more Source cves: CVE-2021-31412 Source advisory: OSV:GHSA-FR26-QJC8-MVJX...
PT-2021-4376 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks, affecting the system...
PT-2021-4396 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to errors in the user interface's information display. It may allow a remote attacker to gain unauthorized access to protected information. The...
KLA12310 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, obtain sensitive information, spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of...
KLA12313 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to perform cross-site scripting attacks and spoof the user interface. Below is a complete list of vulnerabilities: 1. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 can be...
KLA12316 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Rich Text Edit Contr...
PT-2021-4750 · Microsoft · Active Directory Federation Services +1
Name of the Vulnerable Software and Affected Versions: Active Directory Federation Server, affected versions not specified. Description: The issue is related to errors in the representation of information by the user interface in Active Directory Federation Services (AD FS) in Microsoft...
KLA12314 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...
SUSE-SU-2021:3331-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.2.0 ESR. Firefox Extended Support Release 91.2.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2021-45 bsc1191332 CVE-2021-38496: Use-after-free in...
OPENSUSE-SU-2021:1339-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 94.0.4606.54 boo1190765: CVE-2021-37956: Use after free in Offline use CVE-2021-37957: Use after free in WebGPU CVE-2021-37958: Inappropriate implementation in Navigation CVE-2021-37959: Use after free in Task Manager CVE-2021-37960:...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:3331-1 Rating: important References: 1188891 1189547 1190269 1190274 1190710 1191332 Cross-References: CVE-2021-29980 CVE-2021-29981 CVE-2021-29982 CVE-2021-29983 CVE-2021-29984 CVE-2021-29985...
IBM Sterling B2B Integrator Input Validation Error Vulnerability
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition prior to...
TYPO3 cross-site request forgery vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. URL redirect is a URL redirection extension plugin used in it. TYPO3 is vulnerable to cross-site request forgery, which stems from a software feature that allows users to create and share...
Code injection
IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 196944...