CVE-2019-17218

An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the communication to the web service is unencrypted via http. An attacker is able to intercept and sniff communication to the web service...

CVE-2019-17191

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block...

PT-2019-3608 · Zingbox · Zingbox Inspector

Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.293 and earlier Description: A security issue exists due to the failure to neutralize special elements in the network traffic handler. This could allow a remote attacker to intercept and modify software update...

Bumble: SSO through odnoklassniki uses http rather than https

SUMMARY When using single-sign on through odnoklassniki, the user is sent to an http non-https URL, allowing an attacker under some conditions to log in to the victim's Badoo account by stealing odnoklassniki credentials, as well as to execute a CSRF-attack on the log-in form. RECOMMENDATION Let...

CVE-2019-9463

In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

CVE-2019-9463

In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

CVE-2019-9463

In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

Machine-In-The-Middle

Overview Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...

CVE-2019-12665

A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to read and modify data that should normally have been sent via an encrypted channel. The vulnerability is due to TCP port information not being considered when matching new...

MGASA-2019-0284 Updated ibus packages fix security vulnerability

It was discovered that any unprivileged user could monitor and send method calls to the ibus bus of another user, due to a misconfiguration during the setup of the DBus server. When ibus is in use, a local attacker, who discovers the UNIX socket used by another user connected on a graphical...

[SECURITY] [DSA 4525-1] ibus security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4525-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 18, 2019 https://www.debian.org/security/faq -...

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

About the security content of iOS 12 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

ibus defect vulnerability

ibus is an input framework for Linux/Unix platforms. A security vulnerability exists in ibus, which stems from a failure to configure the Dbus server settings correctly. A local attacker could use this vulnerability to intercept all keystrokes of an affected user, modify the input method engine, ...

CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

UBUNTU-CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

1B Mobile Users Vulnerable to Ongoing ‘SimJacker’ Surveillance Attack

A vulnerability discovered in mobile SIM cards is being actively exploited to track phone owners’ locations, intercept calls and more – all merely by sending an SMS message to victims, researchers say. Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM...

CVE-2019-11769

An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user...

CVE-2019-11769

An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same non-administrative user...