NotCVE - vendor:"Hidglobal" product:"Safe" version:" >= 5.8.0 <= 5.11.3"

16 results (0.006 seconds)

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-2904 – CVE-2023-2904

https://notcve.org/view.php?id=CVE-2023-2904

07 Jun 2023 — The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02 • CWE-471: Modification of Assumed-Immutable Data (MAID) •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-47524

https://notcve.org/view.php?id=CVE-2022-47524

23 Dec 2022 — F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. • https://www.f-secure.com/en/home/support/security-advisories/cve-2022-47524 •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-38163

https://notcve.org/view.php?id=CVE-2022-38163

07 Nov 2022 — A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. Se descubrió una vulnerabilidad falsa de arrastrar y soltar en F-Secure SAFE Browser para Android e iOS versión 19.0 y anteriores. La operación de arrastrar y soltar por parte del usuario en la barra de direcciones podría provocar una suplantación de la barra de direcciones. • https://withsecure.com •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-38164

https://notcve.org/view.php?id=CVE-2022-38164

07 Nov 2022 — A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL. WithSecure hasta el 10 de agosto de 2022 permite a los atacantes provocar una denegación de servicio (problema 3 de 5). • https://withsecure.com • CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28873 – Multiple Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android

https://notcve.org/view.php?id=CVE-2022-28873

12 May 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un atacante puede explotar potencialmente la funcionalidad de Javascript window.open en el navegador SAFE, lo que podría conllevar a ataques de suplantación de la barra de direcciones • https://www.f-secure.com/en/home/support/security-advisories •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28872 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android

https://notcve.org/view.php?id=CVE-2022-28872

12 May 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podría realizar un ataque de phishing con suplantación de la barra de direcciones, ya que la barra de direcciones no era correcta si la navegación fallaba en un bucle • https://www.f-secure.com/en/home/support/security-advisories •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28869 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android

https://notcve.org/view.php?id=CVE-2022-28869

15 Apr 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. Se ha detectado una vulnerabilidad que afectaba al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que el navegador no mostraba la URL completa, como el número de puerto • https://www.f-secure.com/en/home/support/security-advisories •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28868 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android

https://notcve.org/view.php?id=CVE-2022-28868

15 Apr 2022 — An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. Se ha detectado una vulnerabilidad de suplantación de la barra de direcciones en Safe Browser para Android. Cuando el usuario hace clic en una página web/URL maliciosa especialmente dise... • https://www.f-secure.com/en/home/support/security-advisories •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28870 – Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android

https://notcve.org/view.php?id=CVE-2022-28870

15 Apr 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE. Un sitio web diseñado de forma maliciosa podía realizar un ataque de phishing con suplantación de la barra de direcciones, ya que ésta no era correcta si fallaba la navegación • https://www.f-secure.com/en/home/support/security-advisories •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-44751 – F-Secure SAFE Browser vulnerable to USSD attacks

https://notcve.org/view.php?id=CVE-2021-44751

25 Mar 2022 — A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction. Se ha detectado una vulnerabilidad que afecta al navegador F-Secure SAFE anterior ... • https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame • CWE-276: Incorrect Default Permissions •

1 2