8183 matches found

RedHat Linux
added 2020/08/10 6:40 a.m. | 2 views

chromium-browser: Insufficient data validation in WebUI

Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...

CVSS 6.1 | AI score 7.4 | EPSS 0.01359
Exploits: 0 | References: 5

Kaspersky
added 2020/08/10 12:0 a.m. | 311 views

KLA11927 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in media...

CVSS 9.3 | AI score 9.5 | EPSS 0.29292
Exploits: 1 | References: 4

OSV
added 2020/08/08 10:15 p.m. | 8 views

OPENSUSE-SU-2020:1172-1 Security update for opera

This update for opera fixes the following issues: - Update to version 70.0.3728.71 - DNA-86267 Make Recently closed tabs appearance consistent with Search for open tabs. - DNA-86988 Opera 70 translations - DNA-87530 Zen news leads not loading - DNA-87636 Fix displaying folder icon for closed...

CVSS 9.6 | AI score 7 | EPSS 0.1132
Exploits: 13 | References: 27

pentestit
added 2020/08/07 12:42 a.m. | 52 views

UPDATE: Infection Monkey 1.9.0

Infection Monkey 1.9.0, the open source breach and attack simulation tool was released a few hours ago - just in time for BlackHat/DefCon 2020. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. Updates include an expanded list of MITRE ATT&CK...

AI score 2.2
Exploits: 0

Veracode
added 2020/08/06 9:29 p.m. | 19 views

Denial Of Service (DoS)

firefox is vulnerable to denial of service. When specifying a custom cursor using CSS in an endless loop, the user interface will be perceived to be in a broken state...

CVSS 6.5 | AI score 3.5 | EPSS 0.01237
Exploits: 0 | References: 7 | Affected Software: 7

VulnCheck KEV
added 2020/08/06 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2020-15654

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work...

CVSS 6.5 | AI score 6.9 | EPSS 0.01237
Exploits: 0 | References: 1

Cisco
added 2020/08/05 4:0 p.m. | 29 views

Cisco Webex Meetings Desktop App Information Disclosure Vulnerabilities

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users. These vulnerabilities are due to improper input validation of parameters returned to the application from a web...

CVSS 4.1 | AI score 0.8
Exploits: 0 | References: 1

Cisco
added 2020/08/05 4:0 p.m. | 21 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The...

CVSS 6.1 | AI score 1.5 | EPSS 0.00833
Exploits: 0 | References: 1

BDU FSTEC
added 2020/08/05 12:0 a.m. | 4 views

The vulnerability of the User Interface component of the Oracle Advanced Outbound Telephony application, which allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Advanced Outbound Telephony application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

CVSS 8.2 | AI score 7.7 | EPSS 0.01256
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2020/08/05 12:0 a.m. | 4 views

The vulnerability in the user interface of Google Chrome’s Chromium browser allows a perpetrator to compromise data integrity.

The vulnerability of the Chromium browser’s user interface in Google Chrome is related to the lack of mechanisms for privilege control and access management. Exploiting this vulnerability allows a malicious actor to affect data integrity through a specially created HTML page...

CVSS 4.3 | AI score 6.6 | EPSS 0.01619
Exploits: 0 | References: 11 | Affected Software: 5

BDU FSTEC
added 2020/08/05 12:0 a.m. | 5 views

The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management application allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete da...

CVSS 7.5 | AI score 7.2 | EPSS 0.01032
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2020/08/05 12:0 a.m. | 4 views

The vulnerability of the User Interface component of the Oracle Insurance Accounting Analyzer allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Insurance Accounting Analyzer is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protocol...

CVSS 6.8 | AI score 6.9 | EPSS 0.00972
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2020/08/05 12:0 a.m. | 4 views

The vulnerability of the User Interface component of the Oracle Financial Services Loan Loss Forecasting and Provisioning application allows a hacker to gain access to read, modify, add, or delete data.

The vulnerability of the User Interface component of the Oracle Financial Services Loan Loss Forecasting and Provisioning application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or...

CVSS 6.8 | AI score 6.9 | EPSS 0.00972
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2020/08/05 12:0 a.m. | 4 views

The vulnerability in the user interface of Google Chrome’s Chromium browser allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of Google Chrome’s Chromium user interface is related to errors in the use of standard permissions. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and also cause service interruptions through a specially created...

CVSS 9.3 | AI score 7.5 | EPSS 0.01778
Exploits: 0 | References: 12 | Affected Software: 5

BDU FSTEC
added 2020/08/05 12:0 a.m. | 4 views

The vulnerability in the implementation of the WebView user interface of the Chromium browser by Google Chrome allows a perpetrator to compromise data integrity.

The vulnerability of the WebView implementation in the Chromium browser’s user interface is related to a resource management mechanism error. Exploiting this vulnerability allows an attacker to compromise data integrity through a specially created application...

CVSS 4.3 | AI score 6.6 | EPSS 0.0172
Exploits: 1 | References: 13 | Affected Software: 5

Kitploit
added 2020/08/04 9:30 p.m. | 36 views

DLInjector-GUI - DLL Injector Graphical User Interface

DLInjector for Graphical User Interface. Faster DLL Injector for processes. It targets the process name to identify the target. The process does not need to be open to define the target. DLInjector waits until the process is executed. USAGE: DLInjector usage is very simple. Firstly, enter the target...

AI score 7.7
Exploits: 0 | References: 2

OSV
added 2020/08/04 4:15 p.m. | 4 views

CVE-2020-4525

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4 | AI score 5.9 | EPSS 0.00561
Exploits: 0 | References: 2

OSV
added 2020/08/04 4:15 p.m. | 3 views

CVE-2020-4396

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4 | AI score 5.9 | EPSS 0.00561
Exploits: 0 | References: 2

OSV
added 2020/08/03 1:15 p.m. | 1 views

CVE-2020-4560

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1 | AI score 5.5 | EPSS 0.00852
Exploits: 0 | References: 2

CNVD
added 2020/07/30 12:0 a.m. | 9 views

TYPO3 Backend User Interface component code issue vulnerability (CNVD-2021-26155)

TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. Backend User Interface is one of the backend user interface components. A code issue vulnerability exists in the Backend User Interface component in TYPO3 versions 9.0.0 through...

CVSS 8.8 | AI score 6.7 | EPSS 0.02229
Exploits: 0 | References: 1