KLA12305 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can b...
KLA12303 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be...
Telegram Security Vulnerability
Telegram is an instant messaging mobile application. A security vulnerability exists in the Telegram applications 7.5.0 through 7.8.0 that stems from a misleading UI indication that an image has been deleted on both the sender's and receiver's sides after using the self-destruct feature...
SUSE-SU-2021:14821-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: This update contains the Firefox Extended Support Release 91.1.0 ESR. Fixed: Various stability, functionality, and security fixes MFSA 2021-40 bsc1190269, bsc1190274: CVE-2021-38492: Navigating to mk: URL scheme could load Internet Explor...
CVE-2021-20554
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
IBM Sterling Order Management Cross-Site Scripting Vulnerability
IBM Sterling Order Management is an order management system that allows companies to seamlessly synchronize and manage the entire lifecycle of orders. A cross-site scripting vulnerability exists in IBM Sterling Order Management versions 9.4, 9.5, and 10.0. An attacker could exploit the vulnerabili...
F-Secure Internet Gatekeeper Denial of Service Vulnerability
F-Secure Internet Gatekeeper is a gateway product that acts as a virus scanning agent for HTTP, SMTP, POP, and FTP protocols. A denial of service vulnerability exists in the web user interface of F-Secure Internet Gatekeeper version 5 Series. An attacker could exploit the vulnerability by sending...
CVE-2021-33600
The CVE-2021-33600 entry describes a DoS in the web UI of F-Secure Internet Gatekeeper. An unauthenticated, remote attacker can trigger an assertion by sending a malformed HTTP request with a very large username parameter, potentially taking the product offline. Several connected sources (e.g., R...
F-Secure Internet Gatekeeper Code Injection Vulnerability
F-Secure Internet Gatekeeper is a gateway product that acts as a virus scanning agent for HTTP, SMTP, POP, and FTP protocols. An arbitrary code execution vulnerability exists in the Web user interface of F-Secure Internet Gatekeeper version 5 Series. The vulnerability can be exploited by an attack...
in collectiveaccess/providence
Description: Sensitive data can be exposed even after logging out of the application due to a wrong UI action. Proof of Concept: 1. Log in to the application dashboard https://demo.collectiveaccess.org 2. Go to any pages (dashboard, administrations, etc.) 3. Click logout 4. Click browser back button. Impact: Any other...
Grav-Plugin-Admin Access Control Error Vulnerability
Grav-Plugin-Admin is an admin plugin. It is used to configure Grav pages. An Access Control Error vulnerability exists in grav-plugin-admin that stems from improper restrictions in the product's UI layer and framework...
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability (CNVD-2021-94312)
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...
CVE-2021-29905
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
CVE-2021-29810
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2021-29800
IBM Tivoli Netcool/OMNIbusGUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2021-20484
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"...
IBM Aspera Cross-Site Scripting Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM U.S. A cross-site scripting vulnerability exists in IBM Aspera Cloud, which could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended...
Concrete CMS Cross-Site Request Forgery Vulnerability
PortlandLabs Concrete Cms is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. Concrete CMS suffers from a cross-site request forgery vulnerability that allows an attacker to exploit the vulnerability to clone themes, which could lead to an...
Github elvish Access Control Error Vulnerability
Github elvish is an expressive programming language and versatile interactive shell combined into one seamless package. A security vulnerability exists in the elvish web UI prior to version 0.14.0 that stems from the backend not properly checking the origin of requests. If a user opens the web UI...