31 matches found
CVE-2024-27086
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...
CVE-2024-51501
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501
Refit (a .NET REST client) is vulnerable to CRLF injection via its header-related attributes (Header, HeaderCollection, Authorize). The underlying issue is lack of validation in HttpHeaders.TryAddWithoutValidation, which allows CRLF characters in header values, enabling header injection, request ...
Malicious code in ITLec.XamariոForms.Toоl.AutoCompleteLookup (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in ITLec.XamаrinForms.Toоl.AdvancedProgressBar (NuGet)
--- -= Per source details. Do not edit below this line.=-...
Denial Of Service (DoS)
microsoft.identity.client is vulnerable to Denial of Service. The vulnerability is due to an incorrect activity export configuration, allowing a malicious application on the same Android device to interfere with the authentication processes. This vulnerability is only exploitable to applications...
CVE-2024-27086
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
!IMPORTANT ONLY applications targeting Xamarin Android and .NET Android MAUI are impacted. All others can safely dismiss this CVE. Impact MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.3 inclusive, except 4.59.1 and 4.60....
Improper Export of Android Application Components
Overview Affected versions of this package are vulnerable to Improper Export of Android Application Components in AuthenticationAgentActivity.cs, which can allow denial of service to applications on the same device using MSAL.NET for authentication. A malicious application installed by the victim...
GHSA-X674-V45J-FWXW MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
!IMPORTANT ONLY applications targeting Xamarin Android and .NET Android MAUI are impacted. All others can safely dismiss this CVE. Impact MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.3 inclusive, except 4.59.1 and 4.60....
CVE-2024-27086 MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...
CVE-2024-27086 MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...
CVE-2024-27086
MSAL.NET for Xamarin Android and .NET Android (MAUI) is affected when using versions 4.48.0–4.60.0, due to an incorrect activity export configuration that can allow a local attacker on the device to cause a denial of service and block user login to affected apps. The vulnerability is classed as L...
CVE-2024-27086 MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android e.g., MAUI using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. A malicious application running on a customer...
Pyxamstore - Python Utility For Parsing Xamarin AssemblyStore Blob Files
This is an alpha release of an assemblies.blob AssemblyStore parser written in Python. The tool is capable of unpack and repackaging assemblies.blob and assemblies.manifest Xamarin files from an APK. Installing Run the installer script: python setup.py install You can then use the tool by calling...
Microsoft Xamarin.Forms Spoofing Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A spoofing vulnerability exists in Microsoft Xamarin.Forms. The vulnerability stems from a default setting in Android WebView versions prior to 83.0.4103.106. An attacker can exploit the vulnerability t...
KLA11959 SUI vulnerability in Xamarin
A spoofing vulnerability was found in Xamarin. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2020-16873 Related products Xamarin CVE list CVE-2020-16873 critical KB list Solution Install necessary updates from the KB section, that are listed in yo...
PT-2020-4018 · Microsoft +1 · Xamarin.Forms +1
Name of the Vulnerable Software and Affected Versions: Microsoft Xamarin.Forms versions prior to 83.0.4103.106 Description: A spoofing issue exists due to the default settings on Android WebView, allowing an attacker to execute arbitrary Javascript code on a target system. The attack requires the...
GPlayed Trojan - .Net playing with Google Market
This blog post is authored by Vitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisco Talos has identified...