8110 matches found

OSV
added 2021/03/04 7:15 p.m. · 4 views

CVE-2020-4856

IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459...

CVSS 5.4 · AI score 6.2 · EPSS 0.00539
Exploits: 0 · References: 2

Kaspersky
added 2021/03/04 12:00 a.m. · 46 views

KLA12107 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An...

CVSS 8.8 · AI score 9.6 · EPSS 0.26525
Exploits: 24 · References: 36

Positive Technologies
added 2021/03/02 12:00 a.m. · 2 views

PT-2021-14345 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 89.0.4389.72 Description: The issue allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. This was due to an out of bounds read in the WebUI Settings in Google Chrome. The...

CVSS 9.6 · AI score 7.6 · EPSS 0.70435
Exploits: 72 · References: 368

ICS
added 2021/03/02 12:00 a.m. · 88 views

Hitachi ABB Power Grids Ellipse EAM

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2. RISK EVALUATION Successful exploitation of these...

CVSS 6.1 · AI score 6.2 · EPSS 0.00598
Exploits: 0 · References: 5

OSV
added 2021/03/01 3:12 p.m. · 10 views

SUSE-SU-2021:0661-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 78.8 fixed: Importing an address book from a CSV file always reported an error fixed: Security information for S/MIME messages was not displayed correctly prior to a draft being saved fixed: Calendar: FileLink UI...

CVSS 8.8 · AI score 7.2 · EPSS 0.01543
Exploits: 0 · References: 7

vulnersOsv
added 2021/03/01 9:45 a.m. · 5 views

@fluentui/token-pipeline (>=0.3.3 <=0.22.0), @inmotionnow/momentum-components (>=91.0.0 <=102.34.1) +5 more potentially affected by unknown CVE via style-dictionary (>=2.10.0 <=2.10.2)

style-dictionary NPM version =2.10.0, =0.3.3, =91.0.0, =1.0.2, =0.1.0, =0.0.2, =1.0.0, =1.6.7 - digix-ui =3.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-STYLEDICTIONARY-1080632...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2021/02/26 12:00 a.m. · 2 views

CVE-2020-4975

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...

CVSS 5.4 · AI score 5.8 · EPSS 0.00539
Exploits: 0 · References: 3 · Affected Software: 6

CNNVD
added 2021/02/26 12:00 a.m. · 4 views

IBM Application Performance Management Security Vulnerability

IBM Application Performance Management (APM) is a suite of IT service management software from IBM in the United States. The software is primarily used to monitor and manage cloud, on-premise and hybrid applications, and IT infrastructure. A security vulnerability exists in the IBM Application...

CVSS 4 · AI score 5.8 · EPSS 0.00271
Exploits: 0 · References: 4

CNNVD
added 2021/02/26 12:00 a.m. · 5 views

IBM Monitoring Security Vulnerability

IBM Monitoring is an application service from IBM USA. It provides a cloud monitoring feature. IBM Monitoring suffers from a file tampering vulnerability that allows an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI. No detailed vulnerability...

CVSS 4.3 · AI score 5.9 · EPSS 0.00661
Exploits: 0 · References: 4

CNNVD
added 2021/02/26 12:00 a.m. · 6 views

IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability

IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines Corporation (IBM). The solution helps you capture, track, analyze, and manage systems and advanced IT application development. A cross-site scripting vulnerability exists in IBM Engineerin...

CVSS 6.4 · AI score 6.7 · EPSS 0.00539
Exploits: 0 · References: 3

CNNVD
added 2021/02/26 12:00 a.m. · 6 views

IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability

IBM Engineering Requirements Quality Assistant is a Watson AI based software from IBM USA used to assist developers in improving the quality of engineering requirements. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker can exploit the...

CVSS 5.4 · AI score 6.5 · EPSS 0.00541
Exploits: 0 · References: 4

CNNVD
added 2021/02/26 12:00 a.m. · 5 views

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability

IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

CVSS 5.4 · AI score 6.5 · EPSS 0.00539
Exploits: 0 · References: 4

CNNVD
added 2021/02/26 12:00 a.m. · 6 views

IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability

IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...

CVSS 6.4 · AI score 6.7 · EPSS 0.00539
Exploits: 0 · References: 4

CNNVD
added 2021/02/26 12:00 a.m. · 4 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...

CVSS 5.4 · AI score 6.4 · EPSS 0.00539
Exploits: 0 · References: 4

CNVD
added 2021/02/26 12:00 a.m. · 14 views

Microsoft Windows Win32k Security Feature Issue Vulnerability

Microsoft Windows Win32k is an operating system from the American company Microsoft. It provides a multitasking graphical user interface. Microsoft Windows Win32k is vulnerable to a security signature issue. No detailed vulnerability details are provided at this time...

CVSS 7.8 · AI score 7.6 · EPSS 0.78376
Exploits: 21 · References: 1

Kaspersky
added 2021/02/23 12:00 a.m. · 53 views

KLA12090 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code, spoof user interface, perform cross-site scripting attack. Below is a complete...

CVSS 8.8 · AI score 9.2 · EPSS 0.01543
Exploits: 1 · References: 3

BDU FSTEC
added 2021/02/23 12:00 a.m. · 5 views

The vulnerability of the Downloads function in Google Chrome web browsers allows a hacker to circumvent existing security restrictions.

The vulnerability of the Downloads function in the Google Chrome web browser is related to an improper limitation on the displayed layers of the user interface. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...

CVSS 7.3 · AI score 6.9 · EPSS 0.03036
Exploits: 0 · References: 10 · Affected Software: 6

BDU FSTEC
added 2021/02/23 12:00 a.m. · 6 views

The vulnerability of Skype for Business Server (Microsoft Lync Server) in corporate communication servers, related to the lack of protection for operational data, allows attackers to carry out spoofing attacks.

The vulnerability of Skype for Business Server (Microsoft Lync Server) corporate communication servers is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...

CVSS 6.5 · AI score 6.5 · EPSS 0.0162
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2021/02/23 12:00 a.m. · 4 views

The vulnerability of Microsoft Exchange Server servers, related to the false representation of information by the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Exchange Server is related to the false representation of information by the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...

CVSS 5.5 · AI score 7.1 · EPSS 0.04627
Exploits: 7 · References: 2

BDU FSTEC
added 2021/02/23 12:00 a.m. · 4 views

The vulnerability of Microsoft Exchange Server is related to the lack of protection for service data, which allows attackers to carry out spoofing attacks.

The vulnerability of Microsoft Exchange Server servers is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a malicious actor to perform spear-phishing attacks remotely...

CVSS 6.4 · AI score 6.8 · EPSS 0.01817
Exploits: 0 · References: 3