18 matches found
EUVD-2014-6571
Malware in sbrugna...
EUVD-2022-40719
Malicious code in bioql PyPI...
CVE-2022-39043
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts...
CVE-2022-39043
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts...
Information disclosure
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts...
CVE-2022-39043 Juiker app - Information Leakage
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts...
Juiker 信息泄露漏洞
Juiker is an instant messaging software for government and enterprise organizations from Juiker. An information disclosure vulnerability exists in Juiker version 4.6.0607.1, which originates from storing debug logs containing sensitive information to removable external storage. An attacker could...
CVE-2022-39043
Juiker app suffers an information disclosure vulnerability caused by storing debug logs on the mobile device’s external storage. Multiple sources describe that an unauthenticated physical attacker could access these logs and obtain partial user information (e.g., personal contacts). Some reports ...
CVE-2022-39043 Juiker app - Information Leakage
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts...
CVE-2022-38117
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-38117
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-38117 Juiker app - Hard-coded Credentials
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-38117 Juiker app - Hard-coded Credentials
Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...
CVE-2022-38117
The CVE-2022-38117 entry describes Juiker app hard-coding an AES key in its source code. A to-the-point consequence is that a physical attacker who gains Android root privileges can use the embedded key to decrypt users’ ciphertext and tamper with it. The connected documents confirm the root-caus...
CVE-2014-6693
The Juiker aka org.itri application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Juiker aka org.itri application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6693
The CVE-2014-6693 entry concerns the Juiker (aka org.itri) Android application, version 3.2.0829.1, which fails to verify X.509 SSL certificates when connecting to servers. Root cause is lack of certificate verification, enabling man-in-the-middle attackers to spoof legitimate servers and obtain ...
CVE-2014-6693
The Juiker aka org.itri application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...