135 matches found
CVE-2019-8856
The CVE-2019-8856 issue affects Apple’s CallKit in iOS/iPadOS, watchOS, and macOS where Siri-initiated outgoing calls could use the wrong cellular plan on devices with two active plans. Root cause: an API/state handling flaw in outgoing Siri calls. Impact: potential misrouting of calls due to inc...
CVE-2019-8566
An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user...
CVE-2019-8502
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization...
Authorization
An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization...
Input validation
An API issue existed in the handling of microphone data. This issue was addressed with improved validation. This issue is fixed in iOS 12.2. A malicious application may be able to access the microphone without indication to the user...
CVE-2019-8566
CVE-2019-8566 concerns the ReplayKit component in iOS, where an API issue in how microphone data is handled could allow a malicious app to access the microphone without user indication. The vulnerability’s impact is privacy-related, enabling eavesdropping on audio without visible prompts. Apple a...
CVE-2019-8502
CVE-2019-8502 affects Apple platforms (iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2) where an API handling dictation requests contained validation issues. The root cause is improper handling/validation in dictation initiation, allowing a malicious app to initiate a Dictation request wit...
CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensiti...
MGASA-2018-0202 Updated firefox packages fix security vulnerability
Memory safety bugs fixed in Firefox ESR 52.7 (CVE-2018-5125). Buffer overflow manipulating SVG animatedPathSegList (CVE-2018-5127). Out-of-bounds write with malformed IPC messages (CVE-2018-5129). Mismatched RTP payload type can trigger memory corruption (CVE-2018-5130). Fetch API improperly returns cach...
SUSE-SU-2017:2202-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - update to 3.0.15 (bsc#1049086) Bind the lifetime of program name and python path to the module CVE-2017-10978: FR-GV-201: Check input / output length in makesecret (bsc#1049086) CVE-2017-10983: FR-GV-206: Fix read overflow when decoding DH...
CVE-2013-0422
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...
CVE-2011-1428
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect...
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability
Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries API specially crafted EMF file DOS vulnerability 1. Description Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries API doesn't process the EMF file properly, an application which calls the API will crash when it reads some specially crafted EMF...
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1)
Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1) // source: https://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely...