7 matches found
ROS-20260310-73-0011
A vulnerability in the Digital Credentials component of Google Chrome browser is related to incorrect restriction of visualized user interface layers. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information...
Shopside App 安全漏洞
Shopside App is a shopping application by Shopside Turkey. A security vulnerability exists in Shopside App 05022025 and earlier versions, which stems from improper restriction of the rendering UI layer or frame, which may result in an iFrame override...
The vulnerability of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird lies in improper restrictions on the display of user interface layers or frames, allowing attackers to access confidential information.
The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird are related to improper restrictions on the layers or frames that are displayed in the user interface. Exploiting these vulnerabilities can allow a malicious actor to gain access to confidential...
CVE-2017-20041
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...
CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
Directory traversal
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopylocateudev in tcmurcmdhandler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if th...
PT-2020-12797 · Kong · Docker-Kong
Name of the Vulnerable Software and Affected Versions: docker-kong versions through 2.0.3 Description: An issue was discovered where the admin API port may be accessible on interfaces other than 127.0.0.1. The vendor argues that this is not a vulnerability because it has an inaccurate bug scope a...