274 matches found

Prion
added 2023/11/22 7:15 a.m. · 16 views

Design/Logic Flaw

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors...

CVSS 5 · AI score 6.6 · EPSS 0.005
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/11/22 12:00 a.m. · 42 views

CVE-2023-47393

CVE-2023-47393 describes an access control flaw in the Mercedes me iOS app (versions 1.34.0 and below) that could let an attacker view other users’ maintenance orders and access sensitive user data via unspecified vectors. The NVD entry rates it at CVSS v3.1 base score 5.3 (Medium) with network a...

CVSS 5.3 · AI score 5 · EPSS 0.005
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/11/22 12:00 a.m. · 5 views

PT-2023-30440 · Mercedes · Mercedes Me Ios App

Name of the Vulnerable Software and Affected Versions: Mercedes me IOS APP versions 1.34.0 and below. Description: The issue allows attackers to view the carts of other users by sending a crafted add order request, exploiting an access control problem. Recommendations: For Mercedes me IOS APP...

CVSS 5.3 · AI score 6.8 · EPSS 0.005
Exploits 0 · References 3

Vulnrichment
added 2023/11/22 12:00 a.m. · 10 views

CVE-2023-47392

An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...

AI score 6.8 · EPSS 0.005
Exploits 0 · References 1

NVD
added 2023/07/17 4:15 p.m. · 18 views

CVE-2023-3615

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection...

CVSS 8.1 · EPSS 0.00289
Exploits 0 · References 1

Vulnrichment
added 2023/07/17 3:33 p.m. · 27 views

CVE-2023-3615 Lack of server certificate validation in websockets connection

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection...

CVSS 8.1 · AI score 6.5 · EPSS 0.00289
Exploits 0 · References 1

Positive Technologies
added 2023/07/17 12:00 a.m. · 7 views

PT-2023-25456 · Mattermost · Mattermost Ios App

Name of the Vulnerable Software and Affected Versions: Mattermost iOS app, affected versions not specified. Description: The Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection, allowing a network attacker to intercept the WebSockets connection...

CVSS 8.1 · AI score 7.6 · EPSS 0.00289
Exploits 0 · References 5

Packet Storm
added 2023/06/28 12:00 a.m. · 295 views

Zip And RAR FileExtractor 5.7 Cross Site Scripting

Exploit Title: Zip & RAR FileExtractor v5.7 - Reflected XSS; Vendor Homepage: Penghui Zhao; Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en; Date: 2023-06-20; Exploit Author: tmrswrr; Category: ios app; Version: v5.7; Tested on: Windows/Linux; Description: Go to Wi-F...

AI score 7.1
Exploits 0

Vulnrichment
added 2023/06/13 12:00 a.m. · 5 views

CVE-2023-29501

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...

AI score 6.5 · EPSS 0.00281
Exploits 0 · References 4

OSV
added 2023/04/04 1:15 p.m. · 1 view

UBUNTU-CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

CVSS 6.9 · AI score 5.8 · EPSS 0.00678
Exploits 1 · References 5

CNNVD
added 2023/04/04 12:00 a.m. · 4 views

Nextcloud security vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that originates from allowing a malicious server to gain access to E2EE folders. Affected products and version...

CVSS 6.9 · AI score 6.5 · EPSS 0.00678
Exploits 1 · References 4

Vulnrichment
added 2023/02/01 12:00 a.m. · 8 views

CVE-2023-23132

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...

AI score 7.2 · EPSS 0.00603
Exploits 0 · References 1

Positive Technologies
added 2023/02/01 12:00 a.m. · 4 views

PT-2023-18851 · Selfwealth · Selfwealth Ios Mobile App

Name of the Vulnerable Software and Affected Versions: Selfwealth iOS mobile App version 3.3.1. Description: The issue concerns Insecure App Transport Security (ATS) Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for...

CVSS 7.5 · AI score 7.2 · EPSS 0.00593
Exploits 0 · References 4

OSV
added 2022/09/28 8:55 p.m. · 30 views

CVE-2022-39257 Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this m...

CVSS 7.5 · AI score 7.2 · EPSS 0.0072
Exploits 0 · References 6

Cvelist
added 2022/09/27 12:54 p.m. · 19 views

CVE-2022-37193

Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...

AI score 7.4 · EPSS 0.00545
Exploits 0 · References 2

OSV
added 2022/06/14 9:15 a.m. · 4 views

CVE-2022-29482

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack...

CVSS 3.7 · AI score 5.8 · EPSS 0.00344
Exploits 0 · References 1

CVE
added 2022/04/30 9:15 p.m. · 91 views

CVE-2021-41994

The CVE-2021-41994 entry concerns PingID: an RSA misconfiguration in the PingID iOS app prior to 1.19. This flaw enables pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. Affected component: PingID iOS app (pre-1.19); root cause: RSA misconfigurati...

CVSS 6.6 · AI score 5.1 · EPSS 0.00231
Exploits 0 · References 2 · Affected Software 2

OSV
added 2022/03/28 2:15 a.m. · 5 views

CVE-2021-45490

The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation...

CVSS 9.1 · AI score 5.8 · EPSS 0.0107
Exploits 0 · References 2

CNNVD
added 2021/11/10 12:00 a.m. · 4 views

Rcdevs OpenOtp Ios Mobile Application security vulnerability

Rcdevs OpenOtp Ios Mobile Application is a mobile authentication solution from Rcdevs Luxembourg. A security vulnerability exists in Rcdevs OpenOtp Ios Mobile Application 1.4.13 and 1.4.14, which can be exploited by an attacker to retrieve the PIN code used to access the application...

CVSS 5.5 · AI score 5.9 · EPSS 0.00239
Exploits 0 · References 1

Japan Vulnerability Notes
added 2021/09/28 12:00 a.m. · 28 views

JVN#10168753: SNKRDUNK Market Place App for iOS vulnerable to improper server certificate verification

SNKRDUNK Market Place App for iOS provided by SODA, Inc. is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on and/or alter the communication. Solution: Update the application. Update the application to the latest...

CVSS 7.4 · AI score 7 · EPSS 0.0047
Exploits 0