CVE-2021-44033

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed...

Ionic Identity Vault 安全漏洞

Ionic Identity Vault is Ionic's use of the most secure mobile biometric authentication to protect your users. A security vulnerability in Ionic Identity Vault versions prior to 5.0.5 allows an attacker to bypass the protection mechanism for invalid unlock attempts...

CVE-2021-3145

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication...

CVE-2021-3145

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication...

Authentication flaw

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication...

CVE-2021-3145

Ionic Identity Vault before version 5 on Android is vulnerable to a biometric authentication bypass that can be exploited by a local root attacker. Affected are Identity Vault versions 4.7 and earlier on Android, with the vulnerability allowing bypass of biometric protection and granting access t...

CVE-2021-3145

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication...

Ionic Identity Vault 授权问题漏洞

Ionic Identity Vault is Ionic's use of the most secure mobile biometric authentication to protect your users. A security vulnerability exists in Ionic Identity Vault 4.7 and below on Android that stems from a biometric authentication bypass...

Ionic Identity Vault 4.7 Android Biometric Authentication Bypass

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-001 CVE ID: CVE-2021-3145 Subject: Biometric Authentication Bypass on Android Severity: Medium Effect: Authentication Bypass Author: Emanuel Duss Date: 2021-09-...

Ionic Identity Vault 4.7 Android Biometric Authentication Bypass Vulnerability

Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android. Product: Identity Vault Vendor: Ionic CVE ID: CVE-2021-3145 Subject: Biometric Authentication Bypass on Android Severity: Medium Effect: Authentication Bypass Introduction...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

ALSA-2021:0558 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: locking issue in drivers/tty/ttyjobctrl.c can lead to an use-after-free CVE-2020-29661 kernel: performance counters race condition use-after-free CVE-2020-14351 kernel: ICMP rate limiting...

@aikuma/webcomponents (=0.0.1), @canastro/eva-ui (=0.0.1) +39 more potentially affected by unknown CVE via @ionic/core (>=0.0.2-42 <=4.0.2)

@ionic/core NPM version =0.0.2-42, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.2.1, =1.0.0, =0.0.2, =0.0.1, =0.2.0-5, =0.2.0-6 - @logisticinfotech/ionic4-datepicker =1.0.1 - @modus/ionic-vue =3.0.0-beta.1 - @openchemistry/molecule =0.2.6 and more Source cves: unknown CVE Source advisory:...

@dev-engage/engage-ionic (>=0.6.0 <=0.6.6), @ionic/angular (>=4.1.0 <=4.1.3-dev.201903261530.1ecfcd1) +2 more potentially affected by unknown CVE via @ionic/core (>=4.1.0 <=4.1.3-dev.201903261530.1ecfcd1)

@ionic/core NPM version =4.1.0, =0.6.0, =4.1.0, =4.1.3-dev.201903261530.1ecfcd1 - @ionic/pwa-elements =1.0.2 - dos-wc-library =0.6.1 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

@ionic/angular (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4), dos-wc-library (>=0.7.7 <=0.7.21) potentially affected by unknown CVE via @ionic/core (>=4.3.0 <=4.3.1-dev.201904231448.eb3cbe4)

@ionic/core NPM version =4.3.0, =4.3.0, =0.7.7, =0.7.21 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

GHSA-R3XC-47QG-H929 Cross-Site Scripting in @ionic/core

Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting XSS. The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the components: ...

Cross-Site Scripting in @ionic/core

Versions of @ionic/core prior to 4.0.3, 4.1.3, 4.2.1 or 4.3.1 are vulnerable to Cross-Site Scripting XSS. The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser. This issue affects the components: ...

@ccrpc/tip (>=0.1.0 <=0.3.2), @ccrpc/webmapgl (>=0.10.0 <=0.13.0) +6 more potentially affected by unknown CVE via @ionic/core (>=4.2.0 <=4.2.1-dev.201904231454.26ca72c)

@ionic/core NPM version =4.2.0, =0.1.0, =0.10.0, =4.2.0, =4.2.0, =4.2.0, =2.2.3, =0.9.0, =0.12.2 - dos-wc-library =0.7.10 Source cves: unknown CVE Source advisory: OSV:GHSA-R3XC-47QG-H929...

@ionic/cli-plugin-ionic1 (>=0.0.2 <=0.0.3), @phoenix-plugin-registry/com.vevedh.ioniccli (=1.1.2) +21 more potentially affected by CVE-2015-1164 via serve-static (>=1.7.0 <=1.7.1)

serve-static NPM version =1.7.0, =0.0.2, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.2.9, =0.0.9, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.0.5 - isz =0.0.2 and more Source cves: CVE-2015-1164 Source advisory: OSV:GHSA-C3X7-GJMX-R2FF...

Cross-site Scripting (XSS)

@ionic/core is vulnerable to cross-site scripting XSS. The attack exists because the unsafe innerHTML function is rendered directly on the alert-message string with the following components: .message,.placeholder, .loadingText, .pullingText, .refershingText...