Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mobile security vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2016-6586
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.
Symantec Norton Mobile Security
NA
CVE-2013-0122
The avast! Mobile Security application prior to 2.0.4400 for Android allows malicious users to cause a denial of service (application crash) via a crafted application that sends an intent to com.avast.android.mobilesecurity.app.scanner.DeleteFileActivity with zero arguments.
Avast Avast\\! Mobile Security
5.9
CVSSv3
CVE-2017-8060
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate malicious user to silently intercept information sent during the login API call.
Watchguard Panda Mobile Security 1.1
NA
CVE-2014-5565
The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Gadgettrak Gadgettrak Mobile Security 1.6
NA
CVE-2014-5642
The IMPI Mobile Security (aka com.impi) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Impi Impi Mobile Security 2.1.0
7.5
CVSSv3
CVE-2015-7732
The Avira Mobile Security app prior to 1.5.11 for iOS sends sensitive login information in cleartext.
Avira Avira Mobile Security 1.5.7
6.5
CVSSv3
CVE-2019-10413
Jenkins Data Theorem: CI/CD Plugin 1.3 and previous versions stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Data Theorem Mobile App Security
NA
CVE-2014-5672
The NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) application 7.2.16.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Nq Nq Mobile Security \\& Antivirus 7.2.16.00
4.3
CVSSv3
CVE-2017-1480
IBM Security Access Manager Appliance 8.0.0 up to and including 8.0.1.6, and 9.0.0 up to and including 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
Ibm Security Access Manager
Ibm Security Access Manager For Web
Ibm Security Access Manager For Mobile
5.9
CVSSv3
CVE-2017-1476
IBM Security Access Manager Appliance 7.0.0, 8.0.0 up to and including 8.0.1.6, and 9.0.0 up to and including 9.0.3.1 could allow a remote malicious user to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could ex...
Ibm Security Access Manager
Ibm Security Access Manager For Web
Ibm Security Access Manager For Mobile
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »