Total: 114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27773 | 1 Hcltech | 1 Sametime | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
| This vulnerability allows users to execute a clickjacking attack in the meeting's chat. | |||||
| CVE-2021-27414 | 1 Hitachienergy | 1 Ellipse Enterprise Asset Management | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | |||||
| CVE-2021-22866 | 1 Github | 1 Enterprise Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but in certain circumstances, if the user revisits the authorization flow after the GitHub App has configured additional user-level permissions, those additional permissions may not be shown, leading to more permissions being granted than the user potentially intended. This vulnerability affected GitHub Enterprise Server 3.0.x prior to 3.0.7 and 2.22.x prior to 2.22.13. It was fixed in versions 3.0.7 and 2.22.13. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2020-7371 | 1 Raiseitsolutions | 1 Rits Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the RITS Browser version 3.3.9 and prior versions. | |||||
| CVE-2020-7370 | 1 Boltbrowser | 1 Bolt Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions. | |||||
| CVE-2020-7369 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions, and was fixed in version 20.8.4 released October 1, 2020. | |||||
| CVE-2020-7364 | 1 Ucweb | 1 Uc Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions. | |||||
| CVE-2020-7363 | 1 Ucweb | 1 Uc Browser | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions. | |||||
| CVE-2020-10775 | 2 Oracle, Redhat | 2 Virtualization, Ovirt-engine | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. | |||||
| CVE-2024-49040 | 1 Microsoft | 1 Exchange Server | 2024-11-16 | N/A | 7.5 HIGH |
| Microsoft Exchange Server Spoofing Vulnerability | |||||
| CVE-2024-51749 | | | 2024-11-13 | N/A | 3.5 LOW |
| Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events that trigger a file download once clicked. Fixed in element-web 1.11.85. | |||||
| CVE-2024-38197 | 1 Microsoft | 1 Teams | 2024-10-22 | N/A | 6.5 MEDIUM |
| Microsoft Teams for iOS Spoofing Vulnerability | |||||
| CVE-2024-47044 | | | 2024-10-17 | N/A | 5.3 MEDIUM |
| Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who has identified the WAN-side IPv6 address may access the product's Device Setting page via the WAN side. Note that the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. | |||||
| CVE-2024-7529 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-08-12 | N/A | 6.5 MEDIUM |
| The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. | |||||
