Lucene search
+L

89 matches found

Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.14 views

PT-2024-21638 · Microsoft · Msal.Net

Name of the Vulnerable Software and Affected Versions: MSAL.NET versions 4.48.0 through 4.60.0 Description: A malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device, due...

3.9CVSS7.2AI score0.00189EPSS
Exploits0References9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/29 4:28 a.m.5 views

"Yahoo! JAPAN" App vulnerable to cross-site scripting

Overview "Yahoo! JAPAN" App provided by LY Corporation contains a cross-site scripting vulnerability CWE-79. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1CVSS6AI score0.00314EPSS
Exploits0References4
OSV
OSV
added 2023/12/19 3:15 p.m.3 views

CVE-2023-6913

A session hijacking vulnerability has been detected in the Imou Life application affecting version 6.7.0. This vulnerability could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when scanning a new device and directly running WebView withou...

8.1CVSS5.8AI score0.00729EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.5 views

PT-2023-32821 · Imou · Imou Life

Name of the Vulnerable Software and Affected Versions: Imou Life version 6.7.0 Description: A session hijacking issue has been detected in the Imou Life application. This issue could allow an attacker to hijack user accounts due to the QR code functionality not properly filtering codes when...

8.1CVSS8AI score0.00729EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.3 views

SUSE CVE-2015-1295

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...

7.5CVSS9.8AI score0.01574EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.1 views

SUSE CVE-2020-6437

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application...

4.3CVSS6AI score0.0172EPSS
Exploits1References5
OSV
OSV
added 2022/11/01 8:15 p.m.5 views

CVE-2022-42813

A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. Processing a maliciously crafted certificate may lead to arbitrary code execution...

9.8CVSS6AI score0.00928EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.1 views

PT-2022-26601 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 16.1 Apple iPadOS versions prior to 16.1 Apple tvOS versions prior to 16.1 Apple macOS versions prior to 13 Apple watchOS versions prior to 9.1 Description: A certificate validation issue existed in the handling of...

9.8CVSS8.3AI score0.00928EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.6 views

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL unvalidated deeplink can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

8.8CVSS7.4AI score0.1553EPSS
Exploits0References4
OSV
OSV
added 2022/02/11 6:15 p.m.9 views

CVE-2022-24923

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

3.3CVSS5.9AI score0.00218EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/12/28 12:0 a.m.7 views

The vulnerability of the WebView component for displaying web pages in Google Chrome browser and on the Android operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the WebView component of Google Chrome’s browser involves errors in the implementation of security checks for standard elements. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5CVSS6.6AI score0.00588EPSS
Exploits0References7Affected Software6
Typo3
Typo3
added 2021/07/20 12:0 a.m.28 views

Cross-Site Scripting in Page Preview

Failing to properly encode Page TSconfig settings, the corresponding page preview module WebView is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...

3.5CVSS2.7AI score0.00603EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/06/11 3:15 p.m.3 views

CVE-2021-25403

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P9.0 and below, and 12.2.0.9 in Android Q10.0 and above allows attacker to access contacts and file provider using SettingWebView component...

3.3CVSS5.8AI score0.00231EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/25 12:0 a.m.6 views

LINAGORA hublin web-view renderer path traversal vulnerability

LINAGORA hublin is an open source video conferencing solution based on WebRTC. web-view renderer is one of the renderers. A path traversal vulnerability exists in the web-view renderer in LINAGORA hublin. The vulnerability stems from a failure of a network system or product to properly filter...

7.5CVSS6.8AI score0.02763EPSS
Exploits0References1
NVD
NVD
added 2019/07/23 2:15 p.m.19 views

CVE-2019-1010205

LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...

7.5CVSS7.5AI score0.02763EPSS
Exploits0References1
Prion
Prion
added 2019/07/23 2:15 p.m.10 views

Directory traversal

LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...

5CVSS7.5AI score0.02763EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/07/23 1:35 p.m.26 views

CVE-2019-1010205

LINAGORA hublin latest commit 72ead897082403126bf8df9264e70f0a9de247ff is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file with a fixed extension on the server. The component is: A web-view renderer; details here:...

7.5AI score0.02763EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2019/01/03 12:37 p.m.12 views

Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure

Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities. The vulnerability, which has not yet given any CVE...

6.7AI score
Exploits0
OSV
OSV
added 2018/08/21 11:29 p.m.3 views

CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...

5.3CVSS5.8AI score0.00883EPSS
Exploits0References1
OSV
OSV
added 2018/03/13 8:44 p.m.38 views

GHSA-HWHH-2FWM-CFGW Doorkeeper is vulnerable to stored XSS and code execution

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS6AI score0.01479EPSS
Exploits0References9
Rows per page
Query Builder