KLA12356 RCE vulnerability in Apple iTunes
Remote code execution vulnerability was found in Apple iTunes U for iOS and iPadOS. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories About the security content of iTunes U 3.8.3 Related products Apple-iTunes CVE list CVE-2021-30862 high Solution Update...
PT-2021-6345 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to conduct spoofing attacks, affecting the system...
PT-2021-6332 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in Microsoft SharePoint Server. It allows a remote attacker to conduct spoofing...
IBM Security Guardium Security Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium has a security vulnerability that stems from a...
PT-2021-6412 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in Microsoft Office. It allows a remote attacker to conduct spoofing attacks, affecting th...
KLA12285 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Visual Studio can be...
OPENSUSE-SU-2021:1250-1 Security update for nextcloud
This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291: - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...
PT-2021-7168 · Yandex · Yandex Browser Lite
Name of the Vulnerable Software and Affected Versions: Yandex Browser Lite for Android affected versions not specified Description: The issue is related to errors in the user interface's representation of information. It may allow a remote attacker to exploit the vulnerability by substituting the...
CVE-2021-28494
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
KLA12272 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be exploited to execute arbitrary...
DEBIAN-CVE-2021-30619
Chromium: CVE-2021-30619 UI Spoofing in Autofill...
UBUNTU-CVE-2021-30621
Chromium: CVE-2021-30621 UI Spoofing in Autofill...
AdaptiveScale LXDUI Trust Management Issue Vulnerability
AdaptiveScale LXDUI is a Web UI for LXD/LXC based Linux containers. A security vulnerability exists in AdaptiveScale LXDUI that can be exploited by an attacker to gain administrative access to the host system...
Aruba Operating System Cross-Site Request Forgery Vulnerability (CNVD-2021-77608)
Aruba Operating System is the operating system for Aruba controller-managed wireless LANs and Aruba mobile controllers from Aruba Networks, Inc. user interface to perform file deletion operations...
CVE-2021-34732
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input...
PT-2021-7630 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for iOS affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks. Recommendations: At the...
The vulnerability of the microprogrammed control module software for Schneider Electric Easergy T300 RTU in transformer substations, related to errors in information representation by the user interface, allows an intruder to perform arbitrary actions.
The vulnerability of the microprogrammed control module software for Schneider Electric Easergy T300 RTU-based transformer automation systems is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform arbitrary actio...
IBM Planning Analytics Cross-Site Scripting Vulnerability
IBM Planning Analytics, a planning, budgeting, forecasting and analytics solution, is vulnerable to a cross-site scripting vulnerability in IBM Planning Analytics version 2.0. An attacker could use this vulnerability to embed arbitrary JavaScript code in the Web UI, which could change the intende...