8109 matches found
KLA12049 Multiple vulnerabilities in Microsoft Browsers
Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebS...
CVE-2021-1142
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1140
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1141
Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-2080
Vulnerability in the Oracle Configurator product of Oracle Supply Chain component: UI Servlet. Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attack...
Cisco Smart Software Manager 操作系统命令注入漏洞
Cisco Smart Software Manager Satellite is software designed to provide intelligent management of licenses. A command injection vulnerability exists in the WEB UI of Cisco Smart Software Manager Satellite 5.1.0 and prior versions. The vulnerability stems from the program not properly validating...
Oracle Supply Chain 和 Oracle Configurator 安全漏洞
Oracle Configurator is a sales and configuration product that provides the next generation of the latest configuration technology. An unspecified vulnerability exists in the UI Servlet component in Oracle Configurator 12.1, 12.2. An attacker could exploit this vulnerability to compromise...
Oracle Configurator 安全漏洞
Oracle Configurator is a sales and configuration product that provides the next generation of the latest configuration technology. An unspecified vulnerability exists in the UI Servlet component in Oracle Configurator 12.1, 12.2. An attacker could exploit this vulnerability to compromise...
CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...
Cross-Site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting. The vulnerability existed because it does not escape button labels in the Jenkins UI...
CVE-2021-1238
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected system. The vulnerabilities exist because the...
CVE-2021-1130
A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface...
KLA12207 Security UI vulnerability in Cisco Jabber
A security UI vulnerability was found in Cisco Jabber. Malicious users can exploit this vulnerability to obtain sensitive information, spoof user interface. Original advisories Cisco Jabber and Webex Client Software Shared File Manipulation Vulnerability Related products Cisco-Jabber CVE list...
CVE-2021-21448
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on th...
Marvell QConvergeConsole GUI Authorization Issues Vulnerability
Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability exists in the Marvell QConvergeConsole GUI version 5.5.0.74 and...
KLA12039 ACE vulnerability in Microsoft Browsers
A memory corruption vulnerability was found in Microsoft Browsers. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-1705 Related products Microsoft-Edge CVE list CVE-2021-1705 critical KB list 4598243 4598231 4598229 4598242 4598230 4598245...
KLA12042 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Word can be exploited...
KLA12038 SUI vulnerability in Microsoft Azure
A spoofing vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2021-1677 Related products Microsoft-Azure CVE list CVE-2021-1677 high KB list Solution Install necessary updates from the KB section, that are...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03015)
IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03014)
IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...