8025 matches found
HUAWEI EMUI/Magic UI Input Validation Error Vulnerability
Huawei EMUI is an Android-based mobile operating system. Huawei Magic UI is the operating system for Honor phones. Huawei EMUI/Magic UI suffers from an integer overflow vulnerability. An attacker can exploit the vulnerability to cause a system reset...
CVE-2020-5004
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957...
IBM Jazz Foundation Cross-Site Scripting Vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies from IBM. IBM Jazz Foundation has a cross-site scripting vulnerability that could allow a remote attacker to embed arbitrary JavaScript code in the Web UI to alter the intended functionality,...
@antlerengineering/components (>=2.4.0 <=2.10.3), @antlerengineering/form-builder (>=2.1.7 <=2.4.1) +76 more potentially affected by CVE-2021-23411 via anchorme (>=0.7.2 <=2.1.2)
anchorme NPM version =0.7.2, =2.4.0, =2.1.7, =2.10.4, =0.2.2, =0.2.2, =0.6.22, =0.0.1, =2.1.0, =0.0.1, =12.4.0, =0.7.11, =0.6.100, =0.6.100, =0.6.6, =1.1.12, =1.1.14 and more Source cves: CVE-2021-23411 Source advisory: OSV:GHSA-W4WQ-RVMQ-77X7...
CVE-2021-20560
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
Design/Logic Flaw
IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability
IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. IBM Sterling B2B Integrator is vulnerable to a cross-site scripting vulnerability that could be exploited by an attacker to embed arbitrary JavaScript...
Denial Of Service
Chromium is vulnerable to denial of service. It is due to incorrect security UI in Downloads...
Security Bulletin: HTTP Header Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2021-20560)
Summary: There is an issue with the HTTP header 'X-Frame-Options' not being present. IBM Sterling Connect:Direct Browser has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2021-20560 DESCRIPTION: IBM Sterling Connect:Direct Browser User Interface could allow a remote attacker to hijack the...
CVE-2021-34700
A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficient...
CVE-2021-2439
Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion component: UI and Visualization. Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+...
CVE-2021-2406
Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Collaborative...
Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2021-57446)
Oracle E-Business Suite is an extension of the original Application ERP: a collection of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on, seamlessly integrated into a management suite. Oracle...
Form mode manager - Moderately critical - Access bypass - SA-CONTRIB-2021-023
This module provides a user interface that allows the implementation and use of Form modes without custom development. The module does not sufficiently respect access restrictions to entity forms for routes it creates to use specific form modes. This vulnerability is mitigated by the fact that an...
PT-2021-3751 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file syste...
PT-2021-3773 · Cockpit +5 · Cockpit +5
Name of the Vulnerable Software and Affected Versions: Cockpit affected versions not specified Description: The issue is related to clickjacking attacks, where a malicious website can render a page from a Cockpit server inside an iframe HTML entry. This could be exploited by a malicious website t...
CVE-2021-20507
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
IBM Jazz Foundation Cross-Site Scripting Vulnerability
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies from IBM. A cross-site scripting vulnerability exists in IBM Jazz Foundation and IBM Engineering. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web UI to chan...