20 matches found
EUVD-2023-12322
Malicious code in bioql PyPI...
EUVD-2023-12688
Malicious code in bioql PyPI...
EUVD-2022-42724
Malicious code in bioql PyPI...
CVE-2023-0654
Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...
CVE-2023-0238
Due to lack of a security policy, the WARP Mobile Client =6.29 for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task...
CVE-2022-3337
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
CVE-2023-0654
Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...
Information disclosure
Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...
CVE-2023-0238
Due to lack of a security policy, the WARP Mobile Client =6.29 for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task...
Design/Logic Flaw
Due to lack of a security policy, the WARP Mobile Client =6.29 for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task...
CVE-2023-0654 Spoofing User's Activity Loads in WARP Mobile Client (Android)
Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...
CVE-2023-0654 Spoofing User's Activity Loads in WARP Mobile Client (Android)
Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...
CVE-2023-0654
CVE-2023-0654 affects the WARP Mobile Client for Android, prior to version 6.29. The vulnerability results from a misconfiguration that allows tapjacking, enabling a malicious app to deceive users into thinking the attacker’s UI is the WARP client (spoofing user activity loads). Evidence across m...
CVE-2023-0654
Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...
CVE-2023-0238
CVE-2023-0238 affects Cloudflare WARP Mobile Client for Android, versions
CVE-2023-0238 Injecting Activity Loads in WARP Mobile Client
Due to lack of a security policy, the WARP Mobile Client =6.29 for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task...
PT-2023-16430 · Unknown · Warp Mobile Client
Name of the Vulnerable Software and Affected Versions: WARP Mobile Client versions prior to 6.29 Description: The issue is due to a misconfiguration, making the WARP Mobile Client susceptible to a tapjacking attack. If an attacker installs a malicious application on a victim's device, they can...
PT-2023-5310 · Unknown · Warp Mobile Client
Name of the Vulnerable Software and Affected Versions: WARP Mobile Client versions =6.29 Description: The issue is related to the lack of a security policy in the WARP Mobile Client for Android, which allows a malicious app installed on a victim's device to exploit a peculiarity in an Android...
Information disclosure
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/lock-warp-switch feature being enabled on Zero Trust Platform. This led to...
CVE-2022-3322 Lock WARP switch bypass on WARP mobile client using iOS quick action
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action...