Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash
Microsoft has announced what it calls a more privacy-friendly version of its Productivity Score enterprise feature, following backlash from security experts who condemned it as a “full-fledged workplace surveillance tool.” The Productivity Score feature, which was launched as part of the Microsof...
The vulnerability of the user interface of Cisco Webex Meetings software allows attackers to perform cross-site scripting attacks.
The vulnerability of the user interface of Cisco Webex Meetings software relates to the lack of measures taken to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Mozilla: Fullscreen could be enabled without displaying the security UI
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to carry out spoofing attacks.
The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
A vulnerability in the Team Foundation Services component of the software development tool Azure DevOps Server allows a hacker to manipulate the content of a page.
The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool is related to a false representation of information on the user interface. Exploiting this vulnerability could allow a malicious actor to manipulate the page content remotely...
IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2020-68256)
IBM Jazz Reporting Service JRS is a suite of ready-to-use reporting components from IBM in the United States. The product includes features such as report generation, data collection and lifecycle queries. IBM Jazz Reporting Service has a security vulnerability that makes it susceptible to stored...
CVE-2020-27748
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...
Schneider Electric EcoStruxure Building Operation WebStation Cross-Site Scripting Vulnerability
The EcoStruxure Building Operation WebStation is a web-based user interface for daily operations in the EcoStruxure BMS. A cross-site scripting vulnerability exists in EcoStruxure Building Operation WebStation 2.0 - 3.1. An attacker can exploit this vulnerability to inject HTML and JavaScript cod...
CVE-2020-12495
Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. T...
The vulnerability of the Address Bar Handler component in the Yandex Browser for Android allows attackers to perform spoofing attacks.
The vulnerability of the Address Bar Handler component in the Yandex Browser for Android is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, Inc. (USA). A security vulnerability exists in versions prior to Google Chrome 87.0.4280.66, which stems from a heap buffer overflow in the UI...
Protecting Install Tool with Sudo Mode
When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...
The vulnerability of the Windows operating system, related to errors in information representation by the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Windows operating system is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
The vulnerability of the User Interface component of Oracle Communications Diameter Signaling Router software allows an attacker to gain unauthorized access to read, modify, add, or delete data.
The vulnerability of the User Interface component of Oracle Communications Diameter Signaling Router software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, add, or delete data...