Lucene search
+L

98 matches found

OSV
OSV
added 2022/01/25 8:15 p.m.5 views

CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS5.8AI score0.01152EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.4 views

CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS7.3AI score0.01152EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2022/01/25 8:15 p.m.20 views

Design/Logic Flaw

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

6.8CVSS8.7AI score0.01152EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/01/25 7:45 p.m.64 views

CVE-2021-41598

GitHub Enterprise Server vulnerability CVE-2021-41598 is a UI misrepresentation flaw in the GitHub App authorization flow. It can cause more permissions to be granted than the user sees during approval, specifically if the user later updates the repositories an app is installed on after additiona...

8.8CVSS8.8AI score0.01152EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/01/25 7:45 p.m.29 views

CVE-2021-41598 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.9AI score0.01152EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.4 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is Github an open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from a UI...

8.8CVSS7.8AI score0.01152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/09/14 12:0 a.m.3 views

PT-2021-6962 · Microsoft · Visual Studio Code

Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, which can allow an attacker to conduct spoofing attacks. There is also a mention of a...

5.5CVSS6.4AI score0.02128EPSS
Exploits0References6
OSV
OSV
added 2021/05/14 9:15 p.m.4 views

CVE-2021-22866

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.8CVSS5.8AI score0.01045EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/14 9:10 p.m.31 views

CVE-2021-22866 UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub Ap...

8.9AI score0.01045EPSS
Exploits0References2
CVE
CVE
added 2021/05/14 9:10 p.m.90 views

CVE-2021-22866

The CVE describes a UI misrepresentation in GitHub Enterprise Server’s GitHub App authorization flow. A user could grant more permissions than shown if the App had additional user-level permissions added after initial approval, by revisiting the authorization flow. Affected products/versions: Git...

8.8CVSS8.8AI score0.01045EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/10/20 5:15 p.m.5 views

CVE-2020-7371

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions...

4.3CVSS5.8AI score0.00994EPSS
Exploits1References2
NVD
NVD
added 2020/10/20 5:15 p.m.29 views

CVE-2020-7363

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...

4.3CVSS0.00742EPSS
Exploits1References2
OSV
OSV
added 2020/10/20 5:15 p.m.4 views

CVE-2020-7364

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...

4.3CVSS5.8AI score0.00742EPSS
Exploits1References2
Prion
Prion
added 2020/10/20 5:15 p.m.22 views

Design/Logic Flaw

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...

4.3CVSS4.6AI score0.00742EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/10/20 4:40 p.m.55 views

CVE-2020-7371

CVE-2020-7371 describes a UI misrepresentation in the address bar exploited via JavaScript timing to spoof the perceived source of content in the RITS Browser 3.3.9 and earlier. Exploitation requires visiting a site that can run JavaScript; the attacker can cause UI elements to appear as if they ...

4.3CVSS4.5AI score0.00994EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/10/20 4:40 p.m.26 views

CVE-2020-7371 Raise IT Solutions RITS Browser Address Bar Spooofing

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions...

4.3CVSS4.6AI score0.00994EPSS
Exploits1References2
CVE
CVE
added 2020/10/20 4:40 p.m.51 views

CVE-2020-7363

CVE-2020-7363 affects UCWeb UC Browser versions 13.0.8 and earlier, enabling UI/address-bar spoofing through JavaScript timing tricks that can mislead users about the page origin. Exploitation requires visiting a page hosting executable JavaScript; it can trigger in-browser content or popups that...

4.3CVSS4.5AI score0.00742EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2017/07/13 12:0 a.m.28 views

Adobe Connect Multiple Vulnerabilities (APSB17-22)

Adobe Connect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:connect"; ifdescription...

7.5CVSS6.5AI score0.05614EPSS
Exploits0References4
Rows per page
Query Builder