689 matches found

NVD
added 2020/04/27 4:15 a.m., 10 views

CVE-2020-12270

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00846
Exploits: 1 | References: 7

Prion
added 2020/04/27 4:15 a.m., 12 views

Design/Logic Flaw

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...

CVSS: 3.3 | AI score: 6.5 | EPSS: 0.00846
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2020/04/27 3:26 a.m., 78 views

CVE-2020-12270

CVE-2020-12270 : Affects Bluezone 1.0.0 through the React Native Bluetooth Scan component. The root cause is use of insufficiently random values to generate six-character alphanumeric IDs, which could let a remote attacker interfere with COVID-19 contact tracing by issuing many IDs. Exploitation ...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00846
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2020/04/27 3:26 a.m., 14 views

CVE-2020-12270

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...

AI score: 6.5 | EPSS: 0.00846
Exploits: 1 | References: 7

vulnersOsv
added 2020/02/28 4:6 p.m., 1 view

@gsandf/react-native-oauth (>=2.1.16 <=2.2.2), react-native-oauth (>=1.1.0 <=2.2.0) +5 more potentially affected by CVE-2019-10805 via valib (=2.0.0)

valib NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on valib and may be impacted: - @gsandf/react-native-oauth =2.1.16, =1.1.0, =2.1.16, =2.1.15, =0.1.0, =0.4.6 Source cves: CVE-2019-10805 Source advisory: SNYK:JS-VALIB-559015...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00227
Exploits: 1

Veracode
added 2020/02/24 12:23 p.m., 16 views

Denial Of Service (DoS) Through Memory Leak

react-native-camera-kit is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to the unreleased imageRef in the function snapStillImage in file CKCamera.m, allowing an attacker to trigger a memory exhaustion attack resulting in a system hang...

AI score: 3.5
Exploits: 0

Veracode
added 2019/11/28 2:5 p.m., 10 views

Denial Of Service (DoS) Through Infinite Loop

react-native-root-siblings is vulnerable to a denial of service (DoS) attack. The vulnerability is due to faulty iteration logic in the function getActiveManager in RootSiblingsManager, triggering an infinite loop and consuming CPU memory...

AI score: 3.8
Exploits: 0

NVD
added 2019/07/23 11:15 p.m., 7 views

CVE-2019-12164

ubuntu-server.js in Status React Native Desktop before v0.57.8mobileui allows Remote Code Execution...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.02525
Exploits: 0 | References: 3

OSV
added 2019/07/23 11:15 p.m., 10 views

CVE-2019-12164

ubuntu-server.js in Status React Native Desktop before v0.57.8mobileui allows Remote Code Execution...

CVSS: 9.8 | AI score: 7.3
Exploits: 0 | References: 3

Prion
added 2019/07/23 11:15 p.m., 7 views

Remote code execution

ubuntu-server.js in Status React Native Desktop before v0.57.8mobileui allows Remote Code Execution...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.02525
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2019/07/23 10:16 p.m., 44 views

CVE-2019-12164

Affected software: Status React Native Desktop prior to v0.57.8_mobile_ui (ubuntu-server.js). Vulnerability: remote code execution via ubuntu-server.js. Impact & scope: reported RCE in the desktop component; CVE-2019-12164. Mitigation status: no remediation details provided in the connected docum...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.02525
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2019/05/14 4:2 a.m., 1 view

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3260 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00544
Exploits: 1

vulnersOsv
added 2019/04/09 7:47 p.m., 1 view

@anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1), @gorangajic/react-native-markdown (=0.1.1) +22 more potentially affected by CVE-2019-9844 via simple-markdown (>=0.0.9 <=0.4.2)

simple-markdown NPM version =0.0.9, =1.0.3, =1.3.0, =1.0.1, =1.0.4, =2.3.0, =0.1.0, =1.2.0, =2.4.0, =1.2.0, =1.1.0, =1.0.0, =1.10.0 and more Source cves: CVE-2019-9844 Source advisory: OSV:GHSA-QJ3F-9GMQ-FWV5...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.0036
Exploits: 0

Veracode
added 2018/12/17 8:29 a.m., 6 views

Memory Leak

react-native-video is vulnerable to memory leak. The vulnerability is possible because it does not properly handle the mp.selectTrack call to listen to timed meta data update...

AI score: 6.7
Exploits: 0

myhack58
added 2018/11/13 12:0 a.m., 519 views

How was I to find Donald Daters applications database vulnerabilities-vulnerability warning-the black bar safety net

On Monday night, as usual, I was watching TV to pass the time, but there was nothing interesting on. So I decided to look for fun on my phone. I started aimlessly browsing through various tweets on Twitter, and some content pushed by Fox News caught my attention. One of Trump's supporters developed a...

AI score: 7
Exploits: 0

OSV
added 2018/07/31 10:47 p.m., 17 views

GHSA-8HJ4-W233-G35Q Downloads Resources over HTTP in react-native-baidu-voice-synthesizer

Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.00735
Exploits: 0 | References: 3

CNVD
added 2018/06/15 12:0 a.m., 3 views

Unspecified vulnerability in react-native-meteor-oauth

react-native-meteor-oauth is a plugin for logging in to the Meteor server in React Native. A security vulnerability exists in react-native-meteor-oauth, which stems from the program's use of a cryptographically weak pseudo-random number generator to generate the OAuth random token (Random Token). An attacke...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00232
Exploits: 0 | References: 1

CNVD
added 2018/06/15 12:0 a.m., 2 views

react-native-baidu-voice-synthesizer code execution vulnerability

react-native-baidu-voice-synthesizer is a speech synthesizer for use in Node.js. A security vulnerability exists in react-native-baidu-voice-synthesizer, which originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerabilit...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.00735
Exploits: 0 | References: 1

OSV
added 2018/06/04 7:29 p.m., 3 views

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

CVSS: 5.3 | AI score: 5.8
Exploits: 0 | References: 2

NVD
added 2018/06/04 7:29 p.m., 12 views

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00232
Exploits: 0 | References: 2