
8023 matches found

Cvelist
added 2022/04/20 3:30 p.m. · 15 views

CVE-2022-1039 ICSA-22-104-03 Red Lion DA50N

The weak password on the web user interface can be exploited via HTTP or HTTPS. Once such access has been obtained, the other passwords can be changed. The weak password on Linux accounts can be accessed via SSH or Telnet, the former of which is by default enabled on trusted interfaces. While the...

CVSS 9.6 · AI score 9.8 · EPSS 0.01139
Exploits: 0 · References: 1

CVE
added 2022/04/20 3:30 p.m. · 76 views

CVE-2022-26516

CVE-2022-26516 affects Red Lion DA50N gateways. The weakness is Insufficient Verification of Data Authenticity (web UI update process), allowing an authorized user to install a maliciously modified package file if it’s sourced from unauthorized or compromised files between download and deployment...

CVSS 8.4 · AI score 7.8 · EPSS 0.0031
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/04/20 3:30 p.m. · 19 views

CVE-2022-26516 ICSA-22-104-03 Red Lion DA50N

Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...

CVSS 8.4 · AI score 8.5 · EPSS 0.0031
Exploits: 0 · References: 1

CNNVD
added 2022/04/20 12:0 a.m. · 4 views

GNOME Epiphany Buffer Error Vulnerability

GNOME Epiphany is a simple, clean web view. A security vulnerability exists in GNOME Epiphany before 41.4, which stems from the fact that HTML documents can trigger client-side buffer overflows in ephy_string_shorten in the UI process via long page titles...

CVSS 7.5 · AI score 7.4 · EPSS 0.01896
Exploits: 0 · References: 12

ATTACKERKB
added 2022/04/20 12:0 a.m. · 5 views

CVE-2022-22436

IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224164...

CVSS 5.4 · AI score 5.9 · EPSS 0.00448
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2022/04/19 9:15 p.m. · 3 views

CVE-2022-21480

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: User Interface. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportati...

CVSS 6.1 · AI score 7.3 · EPSS 0.0078
Exploits: 0 · References: 1

OSV
added 2022/04/19 9:15 p.m. · 2 views

CVE-2022-21469

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager component: UI Framework. Supported versions that are affected are 13.4.0.0 and 13.5.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterpris...

CVSS 4.7 · AI score 6.5 · EPSS 0.00693
Exploits: 0 · References: 1

ATTACKERKB
added 2022/04/19 9:15 p.m. · 4 views

CVE-2022-21480

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: User Interface. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportati...

CVSS 6.1 · AI score 6.9 · EPSS 0.0078
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2022/04/19 9:15 p.m. · 16 views

Design/Logic Flaw

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: User Interface. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportati...

CVSS 5.8 · AI score 5.8 · EPSS 0.0078
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/04/19 8:38 p.m. · 13 views

CVE-2022-21480

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: User Interface. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportati...

CVSS 6.1 · AI score 6.3 · EPSS 0.0078
Exploits: 0 · References: 1

Cvelist
added 2022/04/19 8:38 p.m. · 25 views

CVE-2022-21480

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: User Interface. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Transportati...

CVSS 6.1 · AI score 6 · EPSS 0.0078
Exploits: 0 · References: 1

BDU FSTEC
added 2022/04/14 12:0 a.m. · 5 views

The vulnerability of the WebUI component of the Oracle Enterprise Session Border Controller allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Oracle Enterprise Session Border Controller’s WebUI component exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to remotely gain access to modify, add, or delete data through HTTP requests...

CVSS 6.4 · AI score 7.1 · EPSS 0.0057
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/04/13 12:0 a.m. · 4 views

PT-2022-4325 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This...

CVSS 9 · AI score 7 · EPSS 0.01498
Exploits: 0 · References: 5

Positive Technologies
added 2022/04/12 12:0 a.m. · 3 views

PT-2022-2925 · Microsoft · Power Bi +1

Name of the Vulnerable Software and Affected Versions: Microsoft Power BI (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface of the Microsoft Power BI local data gateway component, Microsoft On-Premises Data...

CVSS 3.7 · AI score 3.9 · EPSS 0.00774
Exploits: 0 · References: 5

Kaspersky
added 2022/04/12 12:0 a.m. · 19 views

KLA12510 Spoofing vulnerability in Microsoft SQL Server

A spoofing vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2022-23292 Related products Microsoft-Power-BI CVE list CVE-2022-23292 warning KB list Solution Install necessary updates from the KB section...

CVSS 3.7 · AI score 4.8 · EPSS 0.00774
Exploits: 0 · References: 3

OSV
added 2022/04/11 7:15 p.m. · 1 views

CVE-2021-39068

IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 5.4 · AI score 5.4 · EPSS 0.00495
Exploits: 0 · References: 2

BDU FSTEC
added 2022/04/11 12:0 a.m. · 4 views

The vulnerability of the User Interface component of the Oracle iStore system, a system for creating, managing, and personalizing online stores, allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the User Interface component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorize...

CVSS 6.1 · AI score 6.8 · EPSS 0.00706
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2022/04/11 12:0 a.m. · 6 views

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge relates to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

CVSS 5 · AI score 6.5 · EPSS 0.01285
Exploits: 0 · References: 4 · Affected Software: 2

BDU FSTEC
added 2022/04/08 12:0 a.m. · 3 views

The vulnerability of the corporate platform Microsoft Teams, related to errors in information presentation by the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the corporate platform Microsoft Teams is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using specially crafted URLs...

CVSS 6.5 · AI score 5.5
Exploits: 0 · References: 1

Kaspersky
added 2022/04/05 12:0 a.m. · 47 views

KLA12497 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Out of bounds memory read vulnerability in JIT Codegen Extensions...

CVSS 8.8 · AI score 9.1 · EPSS 0.1446
Exploits: 7 · References: 4