Lucene search

K

Companion App Security Vulnerabilities

cve
cve

CVE-2023-22524

Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of...

9.8CVSS

9.5AI Score

0.002EPSS

2023-12-06 05:15 AM
18
cve
cve

CVE-2023-44385

The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this...

8.8CVSS

8.6AI Score

0.001EPSS

2023-10-19 11:15 PM
47
cve
cve

CVE-2023-41898

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

8.6CVSS

7.6AI Score

0.001EPSS

2023-10-19 11:15 PM
49
cve
cve

CVE-2023-37512

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive...

5.5CVSS

5.4AI Score

0.0004EPSS

2023-08-11 01:15 AM
12
cve
cve

CVE-2020-4019

The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path...

7.8CVSS

7.4AI Score

0.001EPSS

2020-06-01 07:15 AM
23
cve
cve

CVE-2020-4020

The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism...

7.2CVSS

7.1AI Score

0.006EPSS

2020-06-01 07:15 AM
28
cve
cve

CVE-2020-0943

An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android.....

4.6CVSS

6AI Score

0.001EPSS

2020-04-15 03:15 PM
39