8022 matches found
Malicious code in @shared-ui/global-navigation-header (npm)
Source: ghsa-malware (3146f75b07c94a8fd45a30d06312fef2e4562d93ab98b0e3eb67da5051b5082e). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @idse/common-ui (npm)
Source: ghsa-malware (2cf8a80088e5eda0a3d5b7faca5cd4f36b1cc98345a383d657e4313e765efb4c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @bigid-ui/components (npm)
Source: ghsa-malware (4155acf29ddb0adae2f2336b9511dcc46c60cb1f01b63e0aa629c87130a81c0c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in remote-ui (npm)
Source: ghsa-malware (2fcb162e726d16a6a879f1638e37d2ff333ad217f5c75decb034d9b8330a9167). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UI Redressing
Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept: 1. Go to this URL:...
The vulnerability of the Region Mapping sub-component of the Oracle Advanced Outbound Telephony component of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, add, or delete data.
The vulnerability of the User Interface sub-component of the Oracle Advanced Outbound Telephony component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, ...
The vulnerability of Skype for Business Server in corporate communication servers lies in the lack of protection for service data, which allows attackers to carry out spoofing attacks.
The vulnerability of Skype for Business Server’s corporate communication servers is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks remotely...
The vulnerability of the User Interface sub-component of the Oracle Collaborative Planning component of the Oracle E-Business Suite allows a perpetrator to access and modify data.
The vulnerability of the User Interface sub-component of the Oracle Collaborative Planning product, a business automation system within the Oracle E-Business Suite, exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform spear-phishing attacks remotely...
USN-5475-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, spoof the browser UI, conduct cross-site scripting (XSS) attacks, bypass...
UCWeb Security Vulnerability
UCWeb is a browser. A security vulnerability exists in UCWeb version 11.2.5.932, which originates in the component HTML handler, where manipulation of parameter headers can lead to improper restriction of the rendered ui layer URL...
WolfCMS Cross-Site Scripting Vulnerability (CNVD-2022-62200)
WolfCMS is designed to simplify content management by providing an elegant user interface, flexible per-page templates, simple user management and permissions, and the tools needed for file management. A cross-site scripting vulnerability exists in WolfCMS 0.8.3.1 and prior versions, which stems...
PT-2022-21200
Name of the Vulnerable Software and Affected Versions: Grafana version 8.4.3. Description: The issue allows unauthenticated access via a "/dashboard/snapshot/?orgId=0" URI. The vendor considers this a UI bug, not a vulnerability. Recommendations: For Grafana version 8.4.3, consider restricting access...
Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Foundation relates to information representation errors in the user interface, allowing attackers to perform spoofing attacks.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Foundation relates to information display errors in the user interface. Exploiting this vulnerability allows a malicious actor to...
CVE-2022-22556
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service...
CVE-2022-29729
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page...
UBUNTU-CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...
OESA-2022-1693 python-XStatic-jquery-ui security update
jquery-ui javascript library packaged for setuptools (easy_install) / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements. You MAY use some minimal support code from the...