130 matches found
CVE-2018-18978
CVE-2018-18978 affects the Android app for Ascensia Contour NEXT ONE (pre-2019-01-15). The issue is a statically coded encryption key, enabling extraction of the key to decipher communications with the backend. In combination with another vulnerability that can retrieve any user’s encrypted data ...
CVE-2018-18977
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of...
CVE-2018-18977
CVE-2018-18977 affects the Ascensia Contour NEXT ONE Android app (before 2019-01-15). The issue is weak obfuscation that may allow an attacker to reverse engineer the codebase and extract data contributing to disclosure of patients’ medical information. The connected documents do not provide more...
CVE-2018-18976
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. This information ca...
CVE-2018-18976
The CVE-2018-18976 entry concerns the Ascensia Contour NEXT ONE mobile app (iOS/Android) prior to 2019-01-15. The root issue is Direct Object References that enable an attacker to enumerate user IDs to retrieve encrypted medical information from the Ascensia cloud platform. The exposed data is en...
CVE-2018-18975
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information...
CVE-2018-18975
The CVE-2018-18975 entry affects the Ascensia Contour NEXT ONE iOS app (pre-2019-01-15). The root cause is weak certificate pinning, allowing an attacker to proxy communications between the app and Ascensia backend servers. This leads to exposure of medical information. The NVD details include CV...
[SECURITY] Fedora 28 Update: kst-2.0.8-20.fc28
Kst is a real-time data viewing and plotting tool with basic data analysis functionality. Kst contains many powerful built-in features and is expandable with plugins and extensions. Main features of kst include: Robust plotting of live "streaming" data. Powerful keyboard and mouse plot...
DEBIAN-CVE-2017-8287
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1builderclosecontour function in psaux/psobjs.c...
alya.contourgroup.com XSS vulnerability
Vulnerable URL: http://alya.contourgroup.com/edocs/?brand="/%3E%3Csvg/onload=alert'OPENBUGBOUNTY'%3E// Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...