CVE-2022-22654

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...

CVE-2022-20317

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Androi...

CVE-2022-33700

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log...

CVE-2022-25780

Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope...

CVE-2022-21518

Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications component: User Interface. Supported versions that are affected are 2.4.8.7 and 2.5.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTT...

CVE-2022-0858

A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...

CVE-2021-32958

Successful exploitation of this vulnerability on Claroty Secure Remote Access SRA Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface UI. With acces...

CVE-2021-20847

Cross-site scripting vulnerability in Wi-Fi STATION SH-52A 38JP111G, 38JP111J, 38JP111K, 38JP111L, 38JP126F, 38JP126G, 38JP126J, 38JP203B, and 38JP203C allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device...

CVE-2021-35616

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: UI Infrastructure. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation...

CVE-2021-0769

In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2021-23885

Privilege escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page...

CVE-2021-28673

Xerox Phaser 6510 before 64.61.23 and 64.59.11 Bridge, WorkCentre 6515 before 65.61.23 and 65.59.11 Bridge, VersaLink B400 before 37.61.23 and 37.59.01 Bridge, B405 before 38.61.23 and 38.59.01 Bridge, B600/B610 before 32.61.23 and 32.59.01 Bridge, B605/B615 before 33.61.23 and 33.59.01 Bridge,...

CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

CVE-2020-14560

Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion component: UI and Visualization. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful...

CVE-2020-5902

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages...

CVE-2020-0063

In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911...

CVE-2020-5940

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface TMUI, also known as the BIG-IP Configuration utility...

CVE-2020-5904

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery CSRF vulnerability in the Traffic Management User Interface TMUI, also referred to as the Configuration utility, exists in an undisclosed page...

CVE-2020-20094

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages...

CVE-2020-21142

Cross Site Scripting XSS vulnerabilty in IPFire 2.23 via the IPfire web UI in the mail.cgi...