8173 matches found

ThreatPost
added 2020/12/02 3:44 p.m., 37 views

Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash

Microsoft has announced what it calls a more privacy-friendly version of its Productivity Score enterprise feature, following backlash from security experts who condemned it as a “full-fledged workplace surveillance tool.” The Productivity Score feature, which was launched as part of the Microsof...

Exploits 0, References 11

BDU FSTEC
added 2020/12/01 12:0 a.m., 5 views

The vulnerability of the user interface of Cisco Webex Meetings software allows attackers to perform cross-site scripting attacks.

The vulnerability of the user interface of Cisco Webex Meetings software relates to the lack of measures taken to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.1 CVSS, 6 AI score, 0.01009 EPSS
Exploits 0, References 2, Affected Software 1

RedHat Linux
added 2020/11/30 7:50 p.m., 2 views

Mozilla: Fullscreen could be enabled without displaying the security UI

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

4.3 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/11/30 10:40 a.m., 3 views

Mozilla: Fullscreen could be enabled without displaying the security UI

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

4.3 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/11/30 9:0 a.m., 3 views

Mozilla: Fullscreen could be enabled without displaying the security UI

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

4.3 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/11/30 8:55 a.m., 8 views

Mozilla: Fullscreen could be enabled without displaying the security UI

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

4.3 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/11/30 8:51 a.m., 2 views

Mozilla: Fullscreen could be enabled without displaying the security UI

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

4.3 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/11/30 8:37 a.m., 3 views

Mozilla: Fullscreen could be enabled without displaying the security UI

It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

4.3 CVSS, 7.3 AI score, 0.01277 EPSS
Exploits 0, References 5

BDU FSTEC
added 2020/11/24 12:0 a.m., 5 views

The vulnerability of the Microsoft Office software package, related to errors in information presentation at the user interface level, allows attackers to carry out spoofing attacks.

The vulnerability of the Microsoft Office suite is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

6.4 CVSS, 6.7 AI score, 0.01461 EPSS
Exploits 0, References 3

BDU FSTEC
added 2020/11/24 12:0 a.m., 2 views

The vulnerability of the Team Foundation Services component of the software development tool Azure DevOps Server allows a hacker to manipulate the content of a page.

The vulnerability of the Team Foundation Services component of the Azure DevOps Server development tool is related to a false representation of information on the user interface. Exploiting this vulnerability could allow a malicious actor to manipulate the page content remotely...

7.5 CVSS, 5.8 AI score, 0.01512 EPSS
Exploits 0, References 3

CNVD
added 2020/11/24 12:0 a.m., 2 views

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2020-68256)

IBM Jazz Reporting Service JRS is a suite of ready-to-use reporting components from IBM in the United States. The product includes features such as report generation, data collection and lifecycle queries. IBM Jazz Reporting Service has a security vulnerability that makes it susceptible to stored...

6.4 CVSS, 6.6 AI score, 0.00554 EPSS
Exploits 0, References 1

RedhatCVE
added 2020/11/20 1:51 p.m., 21 views

CVE-2020-27748

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5 CVSS, 1.1 AI score, 0.01443 EPSS
Exploits 1, References 4

CNVD
added 2020/11/20 12:0 a.m., 7 views

Schneider Electric EcoStruxure Building Operation WebStation Cross-Site Scripting Vulnerability

The EcoStruxure Building Operation WebStation is a web-based user interface for daily operations in the EcoStruxure BMS. A cross-site scripting vulnerability exists in EcoStruxure Building Operation WebStation 2.0 - 3.1. An attacker can exploit this vulnerability to inject HTML and JavaScript cod...

6.1 CVSS, 6 AI score, 0.00924 EPSS
Exploits 0, References 1

NVD
added 2020/11/19 6:15 p.m., 13 views

CVE-2020-12495

Endress+Hauser Ecograph T Neutral/Private Label RSG35, ORSG35 with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. T...

9.1 CVSS, 9.2 AI score, 0.00908 EPSS
Exploits 0, References 1

BDU FSTEC
added 2020/11/19 12:0 a.m., 8 views

The vulnerability of the Address Bar Handler component in the Yandex Browser for Android allows attackers to perform spoofing attacks.

The vulnerability of the Address Bar Handler component in the Yandex Browser for Android is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...

4.3 CVSS, 5.5 AI score, 0.00982 EPSS
Exploits 1, References 3, Affected Software 1

CNNVD
added 2020/11/18 12:0 a.m., 4 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, Inc., USA. A security vulnerability exists in versions prior to Google Chrome 87.0.4280.66, which stems from a heap buffer overflow in the UI...

9.6 CVSS, 7.5 AI score, 0.01909 EPSS
Exploits 0, References 9

Typo3
added 2020/11/17 12:0 a.m., 30 views

Protecting Install Tool with Sudo Mode

When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...

7 AI score
Exploits 0, Affected Software 1

BDU FSTEC
added 2020/11/17 12:0 a.m., 4 views

The vulnerability of the Windows operating system, related to errors in information representation by the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the Windows operating system is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

5.5 CVSS, 5.9 AI score, 0.19124 EPSS
Exploits 0, References 5

BDU FSTEC
added 2020/11/17 12:0 a.m., 6 views

The vulnerability of the User Interface component of Oracle Communications Diameter Signaling Router software allows an attacker to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the User Interface component of Oracle Communications Diameter Signaling Router software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, add, or delete data...

5.4 CVSS, 6.6 AI score, 0.00718 EPSS
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2020/11/17 12:0 a.m., 4 views

The vulnerability of the User Interface component of Oracle Communications Diameter Signaling Router software allows an attacker to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the User Interface component of Oracle Communications Diameter Signaling Router software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, add, or delete data...

6.1 CVSS, 6.9 AI score, 0.01153 EPSS
Exploits 0, References 2, Affected Software 1