Lucene search
K

259 matches found

NVD
NVD
added 2024/10/24 9:15 p.m.11 views

CVE-2024-10327

A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...

8.1CVSS0.00573EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/24 8:17 p.m.11 views

CVE-2024-10327

A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...

8.1CVSS6.6AI score0.00573EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/24 8:17 p.m.15 views

CVE-2024-10327

A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...

8.1CVSS0.00573EPSS
Exploits0References2
CVE
CVE
added 2024/10/24 8:17 p.m.43 views

CVE-2024-10327

CVE-2024-10327 affects Okta Verify for iOS 9.25.1 (beta)–9.27.0 (including beta). The vulnerability allows push notification responses via the iOS ContextExtension to authenticate regardless of user choice, across scenarios: locked-screen replies, home-screen drag-and-reply, and Apple Watch repli...

8.1CVSS6.4AI score0.00573EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

Gorush 安全漏洞

Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...

9.1CVSS6.5AI score0.00308EPSS
Exploits0References2
NVD
NVD
added 2024/07/15 9:15 a.m.19 views

CVE-2024-39767

Mattermost Mobile Apps versions =2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that...

6.5CVSS0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.6 views

PT-2024-28665 · Mattermost +1 · Mattermost Mobile Apps +1

Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions =2.16.0 Description: The issue allows a malicious server to send push notifications with another server's diagnostic ID or server URL, making them appear as legitimate push notifications from the actual server ...

9.8CVSS6.4AI score0.07663EPSS
Exploits0References20
BDU FSTEC
BDU FSTEC
added 2024/03/04 12:0 a.m.7 views

The vulnerability of the Microsoft Edge browser’s Push Notification Service on Android operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Microsoft Edge browser’s Push Notification Service on Android operating systems is related to insufficient protection of service-related data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially...

5CVSS5.5AI score0.01243EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2024/02/21 4:15 p.m.22 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.9CVSS7.2AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/02/21 4:15 p.m.5 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.4CVSS5.9AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/02/21 4:15 p.m.3 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.9CVSS5.9AI score0.00265EPSS
Exploits0References2
Prion
Prion
added 2024/02/21 4:15 p.m.13 views

Open redirect

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

7AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 12:0 a.m.12 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

6.8AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/21 12:0 a.m.24 views

CVE-2022-45169

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...

5.7AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2024/02/21 12:0 a.m.696 views

CVE-2022-45169

CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...

5.9CVSS5.4AI score0.00265EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2023/12/18 8:7 a.m.17 views

A week in security (December 11 – December 17)

Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads Chrome starts the countdown to the end of tracking cookies Apple to introduce new feature that makes life harder for iPhone thieves Recently-patched Apache Struts vulnerability used in worldwide attacks ALPHV ransomware...

6.8AI score
Exploits0
Redos
Redos
added 2023/09/20 12:0 a.m.31 views

ROS-20230919-01

Vulnerability of FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and Thunderbird e-mail client Thunderbird is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...

8.8CVSS7.5AI score0.00756EPSS
Exploits0
Redos
Redos
added 2023/09/20 12:0 a.m.43 views

ROS-20230919-02

Vulnerability of FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and Thunderbird e-mail client Thunderbird is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...

8.8CVSS7.5AI score0.00756EPSS
Exploits0
Veracode
Veracode
added 2023/09/03 12:40 p.m.24 views

Information Disclosure

firefox-esr is vulnerable to Information Disclosure. The vulnerability occurs due to push notification data stored in private browser mode not being encrypted resulting in a potential leakage of sensitive information...

6.5CVSS6.5AI score0.00361EPSS
Exploits0References5Affected Software3
Patchstack
Patchstack
added 2023/08/23 12:0 a.m.5 views

WordPress Push Notification for Post and BuddyPress Plugin < 1.64 is vulnerable to Broken Access Control

Software Push Notification for Post and BuddyPress Type Plugin Vulnerable versions 1.64 Fixed in 1.64 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d085fa7b4246 Credits Unknown Required...

6.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder