78 matches found
PT-2023-16179 · Uvdesk · Uvdesk
Name of the Vulnerable Software and Affected Versions: Uvdesk version 1.1.1 Description: The issue allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the...
PT-2023-1394 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.6.0-rc1 through 2.6.0 Description: The issue is related to an output sanitization bug in Argo CD, which leaks repository access credentials in error messages. These error messages are visible to the user and are logged. The...
JVN#13878856: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification
Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...
JVN#49047921: Jimoty App for Android uses a hard-coded API key for an external service
Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update t...
JVN#25850723: GU App for Android fails to restrict access permissions
GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Impact A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, if t...
JVN#91691168: goo blog App fails to restrict custom URL schemes properly
goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...
JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions
Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...
JVN#54025691: Gurunavi Apps fail to restrict access permissions
Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Impact A...
Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blogs
Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use Steve Povolny · FEB 18, 2021 On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc. As we disclosed the findings to Agora in April 2020, this...
[SECURITY] Fedora 33 Update: python3.10-3.10.0~a5-1.fc33
Python 3.10 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.10, update your Fedora to a newer version once Python 3.10 is stable...
CWA for Windows does not dynamically update icons in start menu (published applications) | works fine if refresh apps in CWA is done
This articles describes how we can force an update on start menu applications coming from Citrix workspace app on the endpoint when there is a chance made, i.e.- application name changed from Citrix studio etc...
JVN#00414047: Studyplus App uses a hard-coded API key for an external service
Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update the...
NITORI App fails to restrict access permissions
Overview NITORI App provided by Nitori Holdings Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute th...
JVN#77402327: NITORI App fails to restrict access permissions
NITORI App provided by Nitori Holdings Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute the access...
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems CMS of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny...
JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object
Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...
[SECURITY] Fedora 31 Update: python39-3.9.0~a2-1.fc31
Python 3.9 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, update your Fedora to a newer version once Python 3.9 is stable...
CVE-2019-13466
Concretely affected: Western Digital SSD Dashboard and SanDisk SSD Dashboard prior to version 2.5.1.0. Vulnerability: Incorrect access control where the generate reports archive is protected with a hard-coded password. Root cause: insufficient access restrictions for archive generation. Impact: p...
CVE-2019-13466
Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available...
HPSBGN03623 rev. 1 - Exposure of Application Configuration Details - Samsung Mobile Print (Android)
Potential Security Impact Application's configuration details exposed Source: HP, HP Product Security Response Team PSRT Reported by: Akshay Jain Appknox VULNERABILITY SUMMARY A potential security vulnerability caused by incomplete obfuscation of application configuration information. HP has no...