102 matches found
CVE-2025-13476
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
EUVD-2025-208314
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
CVE-2025-13476
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
CVE-2025-13476
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
CVE-2025-13476
The CVE-2025-13476 entry concerns Rakuten Viber in Cloak mode on Android 25.7.2.0g and Windows 25.6.0.0–25.8.1.0, where a static, predictable TLS ClientHello fingerprint with limited extension diversity enables DPI systems to reliably identify and block proxy traffic, undermining censorship circu...
CVE-2025-13476 Rakuten Viber uses broken or risky cryptographic Algorithm
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...
Rakuten Viber Desktop 安全漏洞
Rakuten Viber Desktop is a messaging application developed by Luxembourg-based Viber Inc. There is a security vulnerability in Rakuten Viber Desktop, which stems from the use of a static and predictable TLS ClientHello fingerprint. This vulnerability may lead to the identification and prevention ...
PT-2026-23467
Name of the Vulnerable Software and Affected Versions Rakuten Viber versions 25.6.0.0 through 25.8.1.0 Description Rakuten Viber’s Cloak mode on Android version 25.7.2.0g and Windows versions 25.6.0.0 through 25.8.1.0 employs a consistent TLS ClientHello fingerprint that lacks extension diversity...
A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
Overview The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0, has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description...
CVE-2019-18800
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS...
CVE-2019-12569
A vulnerability in Viber before 10.7.0 for Desktop Windows could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. "This organization has continued to conduct high-intensity intelligence gathering activities again...
EUVD-2020-6211
Malware in sbrugna...
EUVD-2019-8505
Malware in sbrugna...
EUVD-2018-15773
Malware in sbrugna...
EUVD-2019-4163
Malware in sbrugna...
EUVD-2025-29050
Malicious code in bioql PyPI...
EUVD-2024-50871
Malicious code in bioql PyPI...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...