8153 matches found
KLA12039 ACE vulnerability in Microsoft Browsers
A memory corruption vulnerability was found in Microsoft Browsers. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-1705 Related products Microsoft-Edge CVE list CVE-2021-1705 critical KB list 4598243 4598231 4598229 4598242 4598230 4598245...
KLA12042 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Word can be exploited...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03015)
IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-03014)
IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
CVE-2020-4733
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127...
DEBIAN-CVE-2020-16024
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...
UBUNTU-CVE-2021-21111
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
IBM Jazz Foundation 跨站脚本漏洞
IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...
IBM Engineering Requirements Quality Assistant 跨站脚本漏洞
IBM Engineering Requirements Quality Assistant uses AI to help you improve requirements quality from the authoring source. A cross-site scripting vulnerability exists in IBM Engineering Requirements Quality Assistant. An attacker could exploit the vulnerability to embed arbitrary JavaScript code ...
CVE-2020-4895
IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
CVE-2020-4892
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979...
IBM Cloud Pak System Cross-Site Scripting Vulnerability (CNVD-2021-00890)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. A cross-site scripting vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI that could...
IBM Cloud Pak System Cross-Site Scripting Vulnerability (CNVD-2021-00889)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. A cross-site scripting vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI that could...
IBM Cloud Pak System Cross-Site Scripting Vulnerability (CNVD-2021-00888)
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. A cross-site scripting vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI that could...
CVE-2020-4910
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274...
CVE-2020-4916
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390...
CVE-2020-4909
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273...
FortiWeb is vulnerable to a blind SQL injection
A blind SQL injection in the user interface of FortiWeb may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement...
IBM Cloud Pak System 跨站脚本漏洞
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. A cross-site scripting vulnerability exists in IBM Cloud Pak System 2.3. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI that could...
CVE-2020-4916
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390...