Lucene search
K

78 matches found

Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.5 views

PT-2023-16179 · Uvdesk · Uvdesk

Name of the Vulnerable Software and Affected Versions: Uvdesk version 1.1.1 Description: The issue allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the...

6.1CVSS6AI score0.00687EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.3 views

PT-2023-1394 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.6.0-rc1 through 2.6.0 Description: The issue is related to an output sanitization bug in Argo CD, which leaks repository access credentials in error messages. These error messages are visible to the user and are logged. The...

6.5CVSS9.4AI score0.00843EPSS
Exploits0References15
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/05/27 12:0 a.m.42 views

JVN#13878856: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

Mobaoku-Auction & Flea Market App for iOS provided by DeNA Co., Ltd. is vulnerable to improper server certificate verification CWE-295. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the application Update the application to the...

4.3CVSS3.8AI score0.00344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/12 12:0 a.m.46 views

JVN#49047921: Jimoty App for Android uses a hard-coded API key for an external service

Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update t...

3.3CVSS3.7AI score0.00203EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/07 12:0 a.m.62 views

JVN#25850723: GU App for Android fails to restrict access permissions

GU App for Android provided by G.U. CO., LTD. contains an access restriction bypass issue CWE-939. The App launched by a Custom URL Scheme may lead an user to access an arbitrary URL. Impact A remote attacker may lead a user to access an arbitrary website via the vulnerable App. As a result, if t...

4.3CVSS4.5AI score0.00869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/02 12:0 a.m.59 views

JVN#91691168: goo blog App fails to restrict custom URL schemes properly

goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

5.3CVSS5.1AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 12:0 a.m.58 views

JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions

Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...

4.3CVSS4.7AI score0.00869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/14 12:0 a.m.66 views

JVN#54025691: Gurunavi Apps fail to restrict access permissions

Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Impact A...

7.5CVSS7.4AI score0.01148EPSS
Exploits0
Trellix
Trellix
added 2021/02/18 12:0 a.m.21 views

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blogs

Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use Steve Povolny · FEB 18, 2021 On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc. As we disclosed the findings to Agora in April 2020, this...

5.7AI score0.06041EPSS
Exploits1
Fedora
Fedora
added 2021/02/06 1:18 a.m.83 views

[SECURITY] Fedora 33 Update: python3.10-3.10.0~a5-1.fc33

Python 3.10 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.10, update your Fedora to a newer version once Python 3.10 is stable...

9.8CVSS4AI score0.23293EPSS
Exploits1
Citrix
Citrix
added 2021/01/15 12:0 a.m.6 views

CWA for Windows does not dynamically update icons in start menu (published applications) | works fine if refresh apps in CWA is done

This articles describes how we can force an update on start menu applications coming from Citrix workspace app on the endpoint when there is a chance made, i.e.- application name changed from Citrix studio etc...

7AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/11/05 12:0 a.m.45 views

JVN#00414047: Studyplus App uses a hard-coded API key for an external service

Studyplus App provided by Studyplus Inc. uses a hard-coded API key for an external service CWE-798. Impact API key for an external service may be obtained by analyzing data in the app. Note that a user is not directly affected by this vulnerability. Solution Update the Application Update the...

5.5CVSS5.2AI score0.00271EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/26 6:34 a.m.1 views

NITORI App fails to restrict access permissions

Overview NITORI App provided by Nitori Holdings Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute th...

6.1CVSS6.9AI score0.00842EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/26 12:0 a.m.43 views

JVN#77402327: NITORI App fails to restrict access permissions

NITORI App provided by Nitori Holdings Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute the access...

6.1CVSS6.2AI score0.00842EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/08/13 12:34 p.m.47 views

High-Severity TinyMCE Cross-Site Scripting Flaw Fixed

A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems CMS of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny...

4.3CVSS6.9AI score0.01811EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/07/08 12:0 a.m.104 views

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...

8.1CVSS8.1AI score0.01996EPSS
Exploits0
Fedora
Fedora
added 2020/01/04 8:33 p.m.16 views

[SECURITY] Fedora 31 Update: python39-3.9.0~a2-1.fc31

Python 3.9 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, update your Fedora to a newer version once Python 3.9 is stable...

4AI score
Exploits0
CVE
CVE
added 2019/09/30 5:52 p.m.75 views

CVE-2019-13466

Concretely affected: Western Digital SSD Dashboard and SanDisk SSD Dashboard prior to version 2.5.1.0. Vulnerability: Incorrect access control where the generate reports archive is protected with a hard-coded password. Root cause: insufficient access restrictions for archive generation. Impact: p...

7.5CVSS7.5AI score0.00661EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/09/30 5:52 p.m.27 views

CVE-2019-13466

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available...

7.6AI score0.00661EPSS
Exploits0References2
Hewlett-Packard
Hewlett-Packard
added 2019/07/30 12:0 a.m.34 views

HPSBGN03623 rev. 1 - Exposure of Application Configuration Details - Samsung Mobile Print (Android)

Potential Security Impact Application's configuration details exposed Source: HP, HP Product Security Response Team PSRT Reported by: Akshay Jain Appknox VULNERABILITY SUMMARY A potential security vulnerability caused by incomplete obfuscation of application configuration information. HP has no...

3.3CVSS0.8AI score0.00386EPSS
Exploits0
Rows per page
Query Builder