CVE-2016-9928

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets...

CVE-2016-9928

CVE-2016-9928 affects MCabber prior to 1.0.4. The vulnerability arises from improper handling of roster pushes in XMPP, allowing a remote attacker to intercept communications or add themselves as another user in a third party’s roster, potentially gaining privileges. Multiple advisories reference...

CVE-2016-9928

MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets...

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2020-3118 (AKA: CDPwn)

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

PT-2020-19897 · Openwrt +1 · Openwrt +2

Name of the Vulnerable Software and Affected Versions: OpenWrt versions 18.06.0 through 18.06.6 OpenWrt version 19.07.0 LEDE versions 17.01.0 through 17.01.7 Description: A bug in the fork of the opkg package manager prevents correct parsing of embedded checksums in the signed repository index,...

CVE-2019-19891

CVE-2019-19891 concerns an encryption key vulnerability in Mitel SIP-DECT wireless devices (firmware versions 8.0 and 8.1) that could allow an attacker to perform a man-in-the-middle (MITM) attack and potentially intercept sensitive information. The CVE is referenced across multiple sources (NVD,...

F5 Networks BIG-IP : BIG-IP ASM and BIG-IQ/Enterprise Manager/F5 iWorkflow device authentication and trust vulnerability (K26462555)

An attacker with access to the device communication between the BIG-IP ASM Central Policy Builder and the BIG-IQ/Enterprise Manager/F5 iWorkflow will be able to set up the proxy the same way and intercept the traffic. CVE-2019-6665 Impact BIG-IP ASM / BIG-IQ / Enterprise Manager / F5 iWorkflow Wi...

Nextcloud: Remote code execution via path traversal in Zip extraction in the Extract app

I realise this doesn't qualify for a reward, as it's a vulnerability in a third-party app, but as the app is part of the "official" VM image provided by Hansson IT, I think it's well worth fixing. The Extract app doesn't validate the path or filename of a zip file to be extracted, allowing an...

Buffer overflow

Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222C00E220R2P1 have a buffer overflow vulnerability. An attacker may intercept and tamper with the packet in the local area network LAN to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal...

Unspecified vulnerability in F5 BIG-IP ASM (CNVD-2019-47430)

F5 BIG-IP ASM is a Web Application Firewall WAF from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A security vulnerability exists in F5 BIG-IP ASM version 15.0.1 that stems from the program not...

CVE-2019-8632

Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data...

Design/Logic Flaw

Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data...

Security Vulnerabilities in the RCS Texting Protocol

Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be...

CVE-2019-5291

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some field...

Design/Logic Flaw

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some field...

CVE-2019-5291

Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some field...

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

DEBIAN-CVE-2019-19583

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service guest OS crash because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for DB...