8023 matches found
Code injection
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages...
CVE-2022-0858
A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...
Cross site scripting
A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...
Cross site scripting
A reflected cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to...
CVE-2022-0862 ePO password change vulnerability
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from...
CVE-2022-0858 Cross-site scripting vulnerability in ePO
A cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited abilit...
The vulnerability of Visual Studio Code’s source editor, related to errors in information representation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Visual Studio Code’s source editor is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
The vulnerability of the Microsoft SharePoint software package, related to errors in information presentation on the user interface, allows a hacker to perform a spoofing attack.
The vulnerability of the Microsoft SharePoint software is related to errors in information presentation at the user interface level. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
CVE-2022-22660
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI...
CVE-2022-22654
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...
CVE-2022-22654
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...
CVE-2022-22660
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI...
Design/Logic Flaw
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...
CVE-2022-22654
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing...
The vulnerability of the Microsoft Dynamics 365 resource planning software, related to errors in the user interface’s information presentation, allows a perpetrator to carry out spear-phishing attacks.
The vulnerability of the Microsoft Dynamics 365 resource planning software is related to errors in information presentation at the user interface level. Exploiting this vulnerability allows an attacker to perform spear-phishing attacks remotely...
The vulnerability of the Microsoft SharePoint Server software, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft SharePoint Server software is related to errors in information presentation at the user interface level. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of the Microsoft SharePoint Server software, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft SharePoint Server software is related to errors in information presentation at the user interface level. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of Microsoft Edge browser for Android, related to information representation errors in the user interface, allows a hacker to perform a spoofing attack.
The vulnerability of Microsoft Edge browser for Android is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
GHSA-CR8C-972V-RMP3 pgAdmin 4 Path Traversal vulnerability
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques...
The vulnerability in the implementation of the Windows Authenticode signature technology of the Microsoft Windows operating system allows attackers to perform spoofing attacks.
The vulnerability of the Authenticode signature technology implemented in Microsoft Windows operating systems is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...