CVEMAP Search Results

CVE
Details
Description
2020-06-24
Low
CVE-2020-4322

Vendor: IBM
Software: Security sec...
 

 
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 177511.

 
2020-06-15
Low
CVE-2020-4406

 

 
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.

 
2020-05-12
Low
CVE-2020-4195

Vendor: IBM
Software: Api connect
 

 
IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859.

 
2020-04-24
Low
CVE-2020-6827

 

 
When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. Note: This issue only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 68.7.

 
2020-04-20
Medium
CVE-2020-9444

Vendor: Zulip
Software: Zulip server
 

 
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.

 
2020-04-15
Low
CVE-2020-10951

Vendor: Westerndigital
Software: IBI
 

 
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

 
2020-04-06
Medium
CVE-2020-1728

Vendor: Redhat
Software: Keycloak
 

 
A vulnerability was found in all versions of Keycloak where the pages in the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

 
2020-04-02
Low
CVE-2019-19001

Vendor: ABB
Software: Esoms
 

 
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in the HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.

 
2020-02-27
Medium
CVE-2015-5686

Vendor: Puppet
Software: Puppet enter...
 

 
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.

 
2020-02-13
Low
CVE-2020-0014

Vendor: Google
Software: Android
 

 
It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-128674520

 

 


Copyright 2020, cxsecurity.com

 
