8056 matches found
Cisco IOS XE Software Input Validation Error Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A denial of service vulnerability exists in the web UI of Cisco IOS XE. The vulnerability stems from insufficient error handling in the web UI. An attacker can exploit this...
Intel RST User Interface / Driver Privilege Escalation Exploit
Hi @ll, more than 2 years ago I disclosed 2 vulnerabilities leading to local escalation of privilege in the Intel® Rapid Storage Technology Intel® RST User Interface and Driver: see and Intel fixed this vulnerability only in their executable installer. Some time later Intel rewrote or rebuilt thi...
KLA12129 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can b...
CVE-2021-22191
There's a flaw in Wireshark. An attacker who sends malicious links with schemes other than http/https over the wire or via a pcapng file, and who is able to get a victim user of Wireshark's user interface to click these links, could perform actions such as mounting volumes, or in some cases...
The vulnerability of the Google Chrome browser’s media component, which allows a hacker to access confidential data
The vulnerability of the Google Chrome browser’s media component is related to security issues with the user interface. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...
The vulnerability of the Google Chrome browser’s WebUI user interface allows a perpetrator to compromise data integrity.
The vulnerability of the WebUI user interface of Google Chrome is related to the lack of a mechanism for verifying entered data. Exploiting this vulnerability allows an attacker to compromise the integrity of data...
[SECURITY] Fedora 34 Update: gnome-shell-40.0~rc-1.fc34
GNOME Shell provides core user interface functions for the GNOME 3 desktop, like switching to windows and launching applications. GNOME Shell takes advantage of the capabilities of modern graphics hardware and introduces innovative user interface concepts to provide a visually attractive and easy...
[SECURITY] Fedora 34 Update: gnome-control-center-40~rc-1.fc34
This package contains configuration utilities for the GNOME desktop, which allow you to configure accessibility options, desktop fonts, keyboard and mouse properties, sound setup, desktop theme and background, user interface properties, screen resolution, and other settings...
Fedora: Security Advisory for gnome-control-center (FEDORA-2021-303f6623fa)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Siemens Solid Edge Viewer Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
It is an offensive tool for Web applications. The primary CVE ID is 'CVE-2020-5902'. The target product/service is BIG-IP F5, and the vulnerability class/vector is Remote Code Execution (RCE). The probable entry point is undisclosed pages in the Traffic Management User Interface (TMUI), also referred...
OPENSUSE-SU-2021:0413-1 Security update for opera
This update for opera fixes the following issues: - Update to version 74.0.3911.203 - CHR-8324 Update chromium on desktop-stable-88-3911 to 88.0.4324.182 (boo#1182358) - DNA-90762 Replace “Don’t show again” with “Discard” - DNA-90974 Crash at...
The vulnerability of Google Chrome’s user interface allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser user interface is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
OPENSUSE-SU-2021:0410-1 Security update for crmsh
This update for crmsh fixes the following issues: - Update to version 4.3.0+20210305.9db5c9a8: Fix: bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost (bsc#1181415) Dev: cibconfig: remove related code about detecting crmdiff support --no-verion Fix:...
F5 BIG-IQ Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A cross-site scripting vulnerability exists in BIG-IQ, which could be exploited by an attacker using a specially crafted URL to reflect...
The vulnerability of the FortiMail email security system, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of the FortiMail email security system is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to enhance their privileges by requesting a password change through the user interface...
F5 BIG-IP Security Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. The TMUI remote command execution vulnerability in F5 BIGIP Appliance mode can be exploited by an attacker to execute arbitrar...
F5 BIG-IP Cross-Site Scripting Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripti...
CVE-2020-29020
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware...
IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-14749)
IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...