2956 matches found

NVD
added 2021/07/12 4:15 p.m., 13 views

CVE-2021-21588

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...

CVSS 6.5, EPSS 0.00336
Exploits: 0, References: 1

Prion
added 2021/07/12 4:15 p.m., 14 views

Cross site scripting

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...

CVSS 4.3, AI score 4.6, EPSS 0.00336
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/07/12 3:40 p.m., 13 views

CVE-2021-21588

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server and perform which may lead ...

CVSS 6.5, AI score 6.6, EPSS 0.00336
Exploits: 0, References: 1

Veracode
added 2021/06/13 8:12 p.m., 21 views

Denial Of Service (DoS)

apache2 is vulnerable to denial of service. An attacker is able to cause admin webUI denial of service (DoS) via malicious HTTP requests/responses...

CVSS 7.5, AI score 1.3, EPSS 0.02385
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2021/06/07 8:15 p.m., 3 views

DEBIAN-CVE-2021-30527

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 8.1, EPSS 0.00962
Exploits: 1, References: 1

OSV
added 2021/06/07 8:15 p.m., 5 views

CVE-2021-30527

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 6.7
Exploits: 0, References: 5

Prion
added 2021/06/07 8:15 p.m., 21 views

Design/Logic Flaw

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 6.8, AI score 8.8, EPSS 0.00962
Exploits: 1, References: 5, Affected Software: 2

CVE
added 2021/06/07 7:25 p.m., 213 views

CVE-2021-30527

CVE-2021-30527 is a use-after-free vulnerability in Chromium’s WebUI before version 91.0.4472.77. Exploitation could be triggered by convincing a user to install a malicious extension or via a crafted HTML page, enabling heap corruption and arbitrary code execution. Affected software is Chromium/...

CVSS 8.8, AI score 8.8, EPSS 0.00962
Exploits: 1, References: 5, Affected Software: 1

AlpineLinux
added 2021/06/07 7:25 p.m., 47 views

CVE-2021-30527

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 9, EPSS 0.00962
Exploits: 1

Cvelist
added 2021/06/07 7:25 p.m., 27 views

CVE-2021-30527

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

AI score 9.1, EPSS 0.00962
Exploits: 1, References: 5

Debian CVE
added 2021/06/07 7:25 p.m., 34 views

CVE-2021-30527

Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 9.6, EPSS 0.00962
Exploits: 1

Microsoft CVE
added 2021/05/27 7:0 a.m., 45 views

Chromium: CVE-2021-30527 Use after free in WebUI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 8.4, EPSS 0.00962
Exploits: 1

CNVD
added 2021/05/26 12:0 a.m., 8 views

Google Chrome post-release reuse vulnerability (CNVD-2021-41141)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability exists in the WebUI in versions prior to Google Chrome 91.0.4472.77, which can be exploited by an attacker to exploit heap...

CVSS 8.8, AI score 6.3, EPSS 0.00962
Exploits: 1, References: 1

CNNVD
added 2021/05/25 12:0 a.m., 3 views

Google Chrome resource management error vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A post-release reuse vulnerability exists in the WebUI in versions prior to Google Chrome 91.0.4472.77, which can be exploited by an attacker to exploit heap...

CVSS 8.8, AI score 8.3, EPSS 0.00962
Exploits: 1, References: 12

CNVD
added 2021/05/08 12:0 a.m., 5 views

Canal Admin suffers from an information disclosure vulnerability

Canal Admin is designed to provide overall configuration management, node O&M and other O&M-oriented functions for canal, providing a relatively friendly WebUI interface. There is an information disclosure vulnerability in Canal Admin, which can be exploited by attackers to obtain sensitive...

AI score 6.5
Exploits: 0

IBM Security Bulletins
added 2021/04/26 9:17 p.m., 26 views

Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on SSLv3 connections (CVE-2014-3566)

Summary SSLv3 protocol used to secure a number of connection paths in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE attack. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and...

CVSS 4.3, AI score 0.3, EPSS 0.99999
Exploits: 6, Affected Software: 2

Prion
added 2021/03/30 3:15 a.m., 14 views

Cross site request forgery (csrf)

Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI...

CVSS 6.8, AI score 8.7, EPSS 0.00507
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/03/30 2:24 a.m., 71 views

CVE-2020-19639

CVE-2020-19639 affects INSMA Wifi Mini Spy 1080P HD Security IP Camera, version 1.9.7 B. The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered via all fields to the WebUI. The connected CNVD/NVD entries corroborate CSRF in this specific camera model. Root cause details be...

CVSS 8.8, AI score 8.7, EPSS 0.00507
Exploits: 0, References: 1, Affected Software: 1

Oracle linux
added 2021/03/19 12:0 a.m., 187 views

ipa security and bug fix update

4.6.8-5.0.1 - Blank out header-logo.png product-name.png - Replace login-screen-logo.png Orabug: 20362818 4.6.8-5.el79.4 - Resolves: 1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: 1895197...

CVSS 6.9, AI score 7.4, EPSS 0.8383
Exploits: 6

OSV
added 2021/03/10 3:15 p.m., 18 views

CVE-2021-28122

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 4