CVE-2024-34786
UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone not using UniFi Network Application that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio. This vulnerability is fixed in UniFi iOS app...
CVE-2024-23660
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...
CVE-2024-1609
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation...
CVE-2023-33757
A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...
CVE-2023-47392
An access control issue in Mercedes me iOS app v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request...
CVE-2023-29501
Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...
CVE-2023-23131
Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings...
CVE-2023-23132
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys...
CVE-2023-3615
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection...
CVE-2023-47393
An access control issue in Mercedes me iOS app v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors...
CVE-2021-42111
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The iOS app version 1.4.1631262629 resolves this issue by storing a hashed PIN code...
CVE-2021-27189
The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation...
CVE-2020-14451
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013...
CVE-2020-12130
The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function...
CVE-2019-8791
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect...
CVE-2019-15614
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...
CVE-2019-15611
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when searching, e.g., for federated users or registering for push notifications...
CVE-2019-5927
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2012-5185
Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access...
A week in security (March 10 – March 16)
Last week on Malwarebytes Labs: Research on iOS apps shows widespread exposure of secrets; Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO; Update your iPhone now: Apple patches vulnerability used in "extremely sophisticated attacks"; The dark side of sports betting: How...