Huawei HarmonyOS 安全漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. Huawei Emui and Magic UI have security vulnerabilities that can be exploited by attackers to compromise service confidentiality...

Huawei HarmonyOS 代码问题漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which stems from an incorrect programmatic call to an advanced local procedure. An attacker can exploi...

Huawei Smartphone 代码注入漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A code injection vulnerability exists in Huawei Emui and Magic UI, which can be exploited to exhaust system resources and cause a system reboot...

Huawei Smartphone 安全漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which can be exploited by an attacker to cause the transmission of certain virtual information...

Huawei HarmonyOS 输入验证错误漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. Huawei Emui and Magic UI have security vulnerabilities that can be exploited by attackers to compromise service integrity...

Huawei HarmonyOS 处理逻辑错误漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. Huawei Emui and Magic UI have security vulnerabilities that can be exploited by attackers to compromise service integrity and availability...

CVE-2021-29713

IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

PT-2021-4620 · Cisco · Cisco Firepower Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center Software affected versions not specified Description: A vulnerability in the administrative web-based GUI configuration manager could allow an authenticated, remote attacker to access sensitive configuration...

Gradle 代码注入漏洞

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

The vulnerability of the user interface of Google Chrome’s web UI, related to the use of memory after it is released, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the user interface of Google Chrome’s web UI is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions through a specially created HTML...

DEBIAN-CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

org.webjars.npm:evol-colorpicker (=3.4.2), org.webjars.npm:jquery-ui-multidatespicker (=1.6.6) potentially affected by CVE-2021-41183 via org.webjars.npm:jquery-ui (=1.13.0-rc.3)

org.webjars.npm:jquery-ui MAVEN version =1.13.0-rc.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery-ui and may be impacted: - org.webjars.npm:evol-colorpicker =3.4.2 - org.webjars.npm:jquery-ui-multidatespicker =1.6.6 Source cve...

org.webjars.npm:evol-colorpicker (=3.4.2), org.webjars.npm:jquery-ui-multidatespicker (=1.6.6) potentially affected by CVE-2021-41184 via org.webjars.npm:jquery-ui (=1.13.0-rc.3)

org.webjars.npm:jquery-ui MAVEN version =1.13.0-rc.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery-ui and may be impacted: - org.webjars.npm:evol-colorpicker =3.4.2 - org.webjars.npm:jquery-ui-multidatespicker =1.6.6 Source cve...

CVE-2021-41182 XSS in the `altField` option of the Datepicker widget

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

CVE-2021-35616

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: UI Infrastructure. The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Transportation...

CVE-2021-35585

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Incentive...

CVE-2021-35570

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite component: Admin UI. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2022-02351)

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

The vulnerability of the Microsoft Dynamics 365 resource planning software, related to errors in the user interface’s information presentation, allows a perpetrator to carry out spear-phishing attacks.

The vulnerability of the Microsoft Dynamics 365 resource planning software is related to errors in information presentation by the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using specially crafted requests...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...