Security Advisory – CVE-2019-5450

Product: Nextcloud App on Android
Vendor: Nextcloud GmbH
Vulnerable Version: Nextcloud Android < 3.7.0
Category: Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)
Vendor Notified: 2019-06-28
Patched: July 9 2019
Researcher(s): Christian Angel
CVE: 2019-5450

Nextcloud is a suite of client-server software for creating and using file hosting services. The Nextcloud application is functionally similar to Dropbox. Unlike Dropbox, …

Security Advisory – CVE-2018-19937

Product: VLC for Mobile iOS
Vendor: VideoLAN/Open Source Software
Version: 3.1.4 Below
Category: Permissions, Privileges, and Access Control (CWE-264)
Vendor Notified: 2018-11-26 11:00 PM
Patched: 2018-12-21
Disclosed: 2019-01-01
Researcher(s): Christian Angel
CVE: 2018-19937

Summary

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

Solution

Update the application to the latest version.

References