8183 matches found
IBM Engineering Workflow Management Cross-Site Scripting Vulnerability
IBM Engineering Workflow Management is a team collaboration tool that integrates development tasks including iteration planning, change management, defect tracking, source code control, build automation and reporting. A cross-site scripting vulnerability exists in IBM Engineering Workflow...
OPENSUSE-SU-2020:1306-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.83 boo1175757 fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill -...
CVE-2020-3504
A vulnerability in the local management local-mgmt CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...
IBM Security Guardium Data Encryption (GDE) Cross-Site Scripting Vulnerability
IBM Security Guardium Data Encryption GDE provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A cross-site scripting vulnerability exists in IBM Security Guardium Data Encryption GDE 3.0.0.2, which can be...
CVE-2019-5320
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08. before 16.08.0009, 16.09. before 16.09.0007, 16.10. before 16.10.0003 are vulnerable to Cross Site Scripting in the web UI, leading to injection of code...
CVE-2019-5321
Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08. before 16.08.0009, 16.09. before 16.09.0007, 16.10. before 16.10.0003 are vulnerable to Remote Unauthorized Access in the WebUI...
CVE-2019-4691
IBM Security Guardium Data Encryption GDE 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2020-3491
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scripting XSS attack against a user of the interface on an affected device. The vulnerability exists...
CVE-2020-3466
Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. The vulnerabilities exist because the web-based managemen...
CVE-2020-5919
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...
Mozilla: Custom cursor can overlay user interface
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
Mozilla: Custom cursor can overlay user interface
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
KLA11943 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Elevation of privilege vulnerability on...
KLA11948 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in media component c...
KLA11946 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in eval function...
KLA11947 Multiple vulnerabilties in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in eval function...
KLA11945 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in eval function...
KLA11941 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, gain privileges, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilitie...
CVE-2020-4548
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID:...
IBM Content Navigator Input Validation Error Vulnerability (CNVD-2020-47545)
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. An input validation error vulnerability exists in IBM Content Navigator version 3.0CD. An attacker can exploit this vulnerability to bypass the...