8 matches found
Code injection
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM man-in-the-middle attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...
CVE-2019-2315
While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...
CVE-2019-2315
While invoking the API to copy from fd or local buffer to the secure buffer, Parameters being populated are from non secure environment. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...
Information disclosure
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing unintended information or denial of service by causing libvirt to block...
Palo Alto Networks User-ID Agent < 7.0.4 TLS-Secured API Invocation Credential Disclosure (PAN-SA-2016-0007)
The version of Palo Alto Networks User-ID agent installed on the remote Windows host is prior to 7.0.4. It is, therefore, affected by a flaw that allows a TLS-secured API call to return encrypted credentials to the domain account configured on the User-ID agent, which has read-only rights for...
LINE@ vulnerable to script injection
Overview LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle...
JVN#22546110: LINE@ vulnerable to script injection
LINE@ provided by LINE Corporation is an application used to communicate with others. LINE@ is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker...
JVN#41281927: LINE vulnerable to script injection
LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...