419 matches found
CVE-2024-0082 CVE
NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A denial of service vulnerability exists in Huawei...
CVE-2024-20347
Cisco Emergency Responder is affected by a cross-site request forgery (CSRF) vulnerability in the web UI that, together with insufficient protections, could allow an unauthenticated or user-privileged actor to perform arbitrary actions on the device when a user visits a crafted link. The root cau...
Cisco Emergency Responder 安全漏洞
Cisco Emergency Responder is an emergency response framework from Cisco USA. A security vulnerability exists in Cisco Emergency Responder that stems from inadequate protection of the Web UI on affected systems...
CVE-2024-22207 Default swagger-ui configuration exposes all files in the module
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...
Design/Logic Flaw
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which...
CVE-2024-21607
Concrete details available: Juniper Junos OS on MX Series and EX9200 Series is affected by CVE-2024-21607 due to a kernel-filter payload-protocol handling issue in IPv6 firewall filters. The root cause is that the payload-protocol match is not supported in the kernel filter, causing terms to acce...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS and EMUI are both operating system products of Huawei China, offering a full-scenario distributed operating system based on a microkernel. A denial of service vulnerability exists in Huawei HarmonyOS and EMUI, which can be exploited by an attacker to cause a denial of service by...
CVE-2023-43057
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484...
CVE-2023-5850
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Medium...
CVE-2023-20273
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web...
PT-2023-26576 · Ibm · Ibm Sterling Partner Engagement Manager
Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2.0, and 6.2.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosu...
Input validation
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...
CVE-2023-20261
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...
PT-2023-6317
Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the web UI feature of Cisco IOS XE Software that could allow an authenticated, remote attacker to inject commands with root privileges. This is due to...
x-ui Trust Management Issue Vulnerability
x-ui is a multi-protocol, multi-user xray panel from the individual developers at vaxilu. A security vulnerability exists in x-ui v1.8.3, which stems from a vulnerability that allows an attacker to obtain sensitive information via a default password...
HCL Technologies BigFix Mobile 命令注入漏洞
HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...
Code injection
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions...
PT-2023-12345 · Ibm · Ibm Cloud Object System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Object System version 3.15.8.97 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. Th...
Telegram 安全漏洞
Telegram is an instant messaging mobile application. A security vulnerability exists in Telegram version v9.6.3, which stems from a vulnerability that allows an attacker to hide critical information on the User Interface by calling the function SFSafariViewController...