3270 matches found

Apple
added 2019/04/11 12:0 a.m. | 14 views

About the security content of Texture 5.11.10 for iOS

About the security content of Texture 5.11.10 for iOS This document describes the security content of Texture 5.11.10 for iOS. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

CVSS 6.5 | AI score 6.2 | EPSS 0.00217
Exploits: 0 | References: 1 | Affected Software: 1

Hacker One
added 2019/04/07 9:7 p.m. | 14 views

Vanilla: Stored XSS in embedded posts containing images

Summary: Embedded posts containing images can be maliciously crafted to insert Javascript code to run on page load. Description: Steps to reproduce: 1. Ensure you are logged into an account no special permissions are needed 2. Navigate to any page with the richEditor component e.g. any forum post...

AI score 6.3
Exploits: 0

ThreatPost
added 2019/04/01 3:15 p.m. | 81 views

Google Play Boots Italian Spyware Apps That Infected Hundreds

Google has removed more than a dozen malicious apps harboring Android spyware from its Google Play marketplace. The spyware appears to have been developed by an Italian firm, which is now under investigation for its development. Researchers allege that the apps have infected several hundred – up ...

AI score 7.5
Exploits: 0 | References: 13

Prion
added 2019/03/26 6:29 p.m. | 16 views

Design/Logic Flaw

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 3.3 | AI score 6.4 | EPSS 0.00018
Exploits: 0 | References: 2

Prion
added 2019/03/25 10:29 p.m. | 14 views

Authentication flaw

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 3.3 | AI score 6.4 | EPSS 0.0022
Exploits: 0 | References: 2 | Affected Software: 2

NVD
added 2019/03/25 10:29 p.m. | 15 views

CVE-2019-6538

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 9.3 | AI score 6.4 | EPSS 0.0022
Exploits: 0 | References: 2

Cvelist
added 2019/03/25 9:26 p.m. | 22 views

CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

CVSS 9.3 | AI score 6.5 | EPSS 0.0022
Exploits: 0 | References: 2

CNVD
added 2019/03/25 12:0 a.m. | 2 views

Access Control Error Vulnerability in Multiple Medtronic Products

MyCareLink Monitor and others are products developed by Medtronic. An Access Control Error vulnerability exists in multiple Medtronic products that stems from a failure of the Conexus telemetry protocol to perform authorization or authentication, which could be exploited by an attacker to inject,...

CVSS 9.3 | AI score 7 | EPSS 0.0022
Exploits: 0 | References: 1

Apple
added 2019/03/25 12:0 a.m. | 39 views

About the security content of iOS 12.2

About the security content of iOS 12.2 This document describes the security content of iOS 12.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...

CVSS 9.8 | AI score 0.6 | EPSS 0.418
Exploits: 10 | References: 1 | Affected Software: 1

Kitploit
added 2019/03/24 8:32 p.m. | 159 views

Androwarn - Yet Another Static Code Analyzer For Malicious Android Applications

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application. The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali, with the androguard library. This analysis...

AI score 7.2
Exploits: 0 | References: 2

The Hacker News
added 2019/03/22 11:54 a.m. | 113 views

Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a...

CVSS 9.3 | AI score 1.4 | EPSS 0.0022
Exploits: 0

Hacker One
added 2019/03/18 12:22 p.m. | 34 views

Semmle: Unprotected Api EndPoints

Summary: I am able to automate the get/post requests of the following api end-points with a python script which can lead to heavy load to server resulting in dos attack or buffer overflow. /internalapi/v0.2/getSuggestedProjects /internalapi/v0.2/getLanguages /internalapi/v0.2/getLoggedInUser...

AI score 1.2
Exploits: 0

Hacker One
added 2019/03/16 5:56 p.m. | 56 views

Zomato: [www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s)

Summary: Get free zomato gold membership using zomato iOS app. Description: add more details about this vulnerability 1 Login to the zomato iOS application. 2 Select zomato gold from the home screen. 3 Depending on your location, you will see different gold pack options. 4 Select any gold pack. 5...

AI score 0.3
Exploits: 0

NVD
added 2019/03/05 6:29 p.m. | 14 views

CVE-2018-1938

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318...

CVSS 4.4 | AI score 4.4 | EPSS 0.00026
Exploits: 0 | References: 3

OSV
added 2019/03/05 6:29 p.m. | 1 view

CVE-2018-1937

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317...

CVSS 4.4 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3

NVD
added 2019/03/05 6:29 p.m. | 18 views

CVE-2018-1937

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317...

CVSS 4.4 | AI score 4.4 | EPSS 0.00026
Exploits: 0 | References: 3

Cvelist
added 2019/03/05 6:0 p.m. | 16 views

CVE-2018-1937

IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317...

CVSS 4.4 | AI score 4.4 | EPSS 0.00026
Exploits: 0 | References: 3

CVE
added 2019/03/05 6:0 p.m. | 50 views

CVE-2018-1937

IBM Cloud Private 3.1.1 is affected by CVE-2018-1937. A local administrator could intercept highly sensitive unencrypted data due to insecure intra-service communications (IAM and OpenShift) over HTTP. The IBM Security Bulletin confirms the impact is data disclosure with local access and provides...

CVSS 4.4 | AI score 4.3 | EPSS 0.00026
Exploits: 0 | References: 3 | Affected Software: 1

Hacker One
added 2019/03/01 9:59 a.m. | 47 views

WePay: Active mixed content issues on the site https://stage-go.wepay.com.

Hello. Summary: Page https://stage-go.wepay.com/static/ contains active mixed content: Description: Passive mixed content is content sent over HTTP that is contained on the HTTPS page, but which can not change other parts of the page. For example, an attacker can replace a picture sent via HTTP...

AI score 6.7
Exploits: 0

The Hacker News
added 2019/02/25 11:27 a.m. | 1 view

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channe...

AI score 7
Exploits: 0