8110 matches found
CVE-2020-4856
IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459...
KLA12107 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...
PT-2021-14345 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 89.0.4389.72 Description: The issue allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. This was due to an out of bounds read in the WebUI Settings in Google Chrome. The...
Hitachi ABB Power Grids Ellipse EAM
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2. RISK EVALUATION Successful exploitation of these...
SUSE-SU-2021:0661-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.8 fixed: Importing an address book from a CSV file always reported an error fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved fixed: Calendar: FileLink UI...
@fluentui/token-pipeline (>=0.3.3 <=0.22.0), @inmotionnow/momentum-components (>=91.0.0 <=102.34.1) +5 more potentially affected by unknown CVE via style-dictionary (>=2.10.0 <=2.10.2)
style-dictionary NPM version =2.10.0, =0.3.3, =91.0.0, =1.0.2, =0.1.0, =0.0.2, =1.0.0, =1.6.7 - digix-ui =3.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-STYLEDICTIONARY-1080632...
CVE-2020-4975
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...
IBM Application Performance Management Security Vulnerability
IBM Application Performance Management (APM) is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. A security vulnerability exists in the IBM Application...
IBM Monitoring Security Vulnerability
IBM Monitoring is an application service from IBM USA. It provides a cloud monitoring feature. IBM Monitoring suffers from a file tampering vulnerability that allows an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI. No detailed vulnerability...
IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines Corporation (IBM). The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A cross-site scripting vulnerability exists in IBM Engineerin...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability
IBM Engineering Requirements Quality Assistant is a Watson AI based software from IBM USA used to assist developers in improving the quality of engineering requirements. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker can exploit the...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability
IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability
IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...
IBM Jazz Foundation Cross-Site Scripting Vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...
Microsoft Windows Win32k Security Feature Issue Vulnerability
Microsoft Windows Win32k is an operating system from the American company Microsoft. It provides a multitasking graphical user interface. Microsoft Windows Win32k is vulnerable to a security signature issue. No detailed vulnerability details are provided at this time...
KLA12090 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, perform cross-site scripting attack. Below is a complete...
The vulnerability of the Downloads function in Google Chrome web browsers allows a hacker to circumvent existing security restrictions.
The vulnerability of the Downloads function in the Google Chrome web browser is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of Skype for Business Server (Microsoft Lync Server) in corporate communication servers, related to the lack of protection for operational data, allows attackers to carry out spoofing attacks.
The vulnerability of Skype for Business Server (Microsoft Lync Server) corporate communication servers is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...
The vulnerability of Microsoft Exchange Server servers, related to the false representation of information by the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Exchange Server is related to the false representation of information by the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of Microsoft Exchange Server is related to the lack of protection for service data, which allows attackers to carry out spoofing attacks.
The vulnerability of Microsoft Exchange Server servers is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform spear-phishing attacks remotely...