259 matches found
CVE-2024-10327
A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...
CVE-2024-10327
A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...
CVE-2024-10327
A vulnerability in Okta Verify for iOS versions 9.25.1 beta and 9.27.0 including beta allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects...
CVE-2024-10327
CVE-2024-10327 affects Okta Verify for iOS 9.25.1 (beta)–9.27.0 (including beta). The vulnerability allows push notification responses via the iOS ContextExtension to authenticate regardless of user choice, across scenarios: locked-screen replies, home-screen drag-and-reply, and Apple Watch repli...
Gorush 安全漏洞
Gorush is a push notification server written in Go by Bo-Yi Wu, an individual developer. A security vulnerability exists in Gorush v1.18.4, which stems from the use of a deprecated version of TLS in the RunHTTPServer function. An attacker can use this vulnerability to intercept and manipulate dat...
CVE-2024-39767
Mattermost Mobile Apps versions =2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push notifications with another server’s diagnostic ID or server URL and have them show up in mobile apps as that...
PT-2024-28665 · Mattermost +1 · Mattermost Mobile Apps +1
Name of the Vulnerable Software and Affected Versions: Mattermost Mobile Apps versions =2.16.0 Description: The issue allows a malicious server to send push notifications with another server's diagnostic ID or server URL, making them appear as legitimate push notifications from the actual server ...
The vulnerability of the Microsoft Edge browser’s Push Notification Service on Android operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Edge browser’s Push Notification Service on Android operating systems is related to insufficient protection of service-related data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
Open redirect
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
CVE-2022-45169
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site Open Redirect can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. Th...
CVE-2022-45169
CVE-2022-45169 affects LIVEBOX Collaboration vDesk (through v031). It describes an Open Redirect: an authenticated user can trigger a URL redirection via /api/v1/notification/createnotification to send a push notification to another user that can include an invisible clickable link. Reported metr...
A week in security (December 11 – December 17)
Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads Chrome starts the countdown to the end of tracking cookies Apple to introduce new feature that makes life harder for iPhone thieves Recently-patched Apache Struts vulnerability used in worldwide attacks ALPHV ransomware...
ROS-20230919-01
Vulnerability of FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and Thunderbird e-mail client Thunderbird is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
ROS-20230919-02
Vulnerability of FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and Thunderbird e-mail client Thunderbird is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
Information Disclosure
firefox-esr is vulnerable to Information Disclosure. The vulnerability occurs due to push notification data stored in private browser mode not being encrypted resulting in a potential leakage of sensitive information...
WordPress Push Notification for Post and BuddyPress Plugin < 1.64 is vulnerable to Broken Access Control
Software Push Notification for Post and BuddyPress Type Plugin Vulnerable versions 1.64 Fixed in 1.64 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d085fa7b4246 Credits Unknown Required...