App Security Vulnerabilities
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's...
4.7CVSS
4.5AI Score
0.001EPSS
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API...
6.5CVSS
6.4AI Score
0.0005EPSS
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary...
6.1CVSS
6.2AI Score
0.0005EPSS
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before...
9.8CVSS
9.4AI Score
0.001EPSS
The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...
5.4CVSS
5.8AI Score
0.001EPSS
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...
7.5CVSS
7.5AI Score
0.001EPSS
The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...
5.4CVSS
5.8AI Score
0.001EPSS
Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
5.4CVSS
5.6AI Score
0.001EPSS
The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering...
5.4CVSS
5.5AI Score
0.001EPSS
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could...
4.3CVSS
4.2AI Score
0.001EPSS
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have...
7.8CVSS
7.7AI Score
0.0004EPSS
The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would....
5.4CVSS
5.5AI Score
0.001EPSS
Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and...
5.4CVSS
5.5AI Score
0.001EPSS
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input....
7.8CVSS
7.7AI Score
0.0004EPSS
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd...
3.2CVSS
4.1AI Score
0.001EPSS
Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We...
4.3CVSS
4.7AI Score
0.001EPSS
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...
5.7CVSS
5.4AI Score
0.0004EPSS
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...
9.8CVSS
9.6AI Score
0.001EPSS
In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in....
6.5CVSS
6.3AI Score
0.001EPSS
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets...
8.1CVSS
7.6AI Score
0.001EPSS
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is...
5.5CVSS
5.5AI Score
0.0004EPSS
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...
5.5CVSS
5AI Score
0.0004EPSS
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted...
7.5CVSS
7.4AI Score
0.001EPSS
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing....
8.8CVSS
8.4AI Score
0.001EPSS
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared.....
6.5CVSS
6.4AI Score
0.002EPSS
It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited....
5CVSS
4.9AI Score
0.002EPSS
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are...
3.3CVSS
4.2AI Score
0.0004EPSS
IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and...
5CVSS
4.9AI Score
0.002EPSS
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly...
5.3CVSS
5.3AI Score
0.002EPSS
When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server...
4.3CVSS
4.6AI Score
0.002EPSS
When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...
4.3CVSS
4.6AI Score
0.002EPSS
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...
4.3CVSS
4.6AI Score
0.002EPSS
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The...
9.8CVSS
7.2AI Score
0.001EPSS
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam...
9.8CVSS
9.4AI Score
0.001EPSS
Mattermost fails to verify if the requestor is a sysadmin or not, before allowing install requests to the Apps allowing a regular user send install requests to the...
6.5CVSS
6.4AI Score
0.0005EPSS
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the...
4.3CVSS
4.3AI Score
0.0005EPSS
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated...
7.8CVSS
7.7AI Score
0.0004EPSS
A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in...
6.5CVSS
6.3AI Score
0.001EPSS
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in...
6.5CVSS
6.2AI Score
0.001EPSS
Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...
4.8CVSS
4.8AI Score
0.001EPSS
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation...
8.1CVSS
7.9AI Score
0.001EPSS
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root...
9.9CVSS
9.4AI Score
0.001EPSS
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...
6.1CVSS
6.2AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming...
4.2CVSS
4.5AI Score
0.001EPSS
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of...
6.5CVSS
6.3AI Score
0.001EPSS
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post...
6.1CVSS
5.9AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another...
4.3CVSS
4.3AI Score
0.001EPSS
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address...
4.3CVSS
4.4AI Score
0.001EPSS