Security Advisory – CVE-2019-5450

Product: Nextcloud App on Android
Vendor: Nextcloud GmbH.
Vulnerable Version: Nextcloud Android < 3.7.0
Category: Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80)
Vendor Notified: 2019-06-28
Patched: July 9 2019
Researcher(s): Christian Angel
CVE: 2019-5450

Nextcloud is a suite of client-server software for creating and using file hosting services. The Nextcloud application is functionally similar to Dropbox. Unlike Dropbox, …

Security Advisory – CVE-2018-19937

Product: VLC for Mobile iOS
Vendor: VideoLAN/Open Source Software
Version: 3.1.4 and below
Category: Permissions, Privileges, and Access Control (CWE-264)
Vendor Notified: 2018-11-26 11:00 PM
Patched: 2018-12-21
Disclosed: 2019-01-01
Researcher(s): Christian Angel
CVE: 2018-19937

Summary

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

Solution

Update the application to the latest version.

References

https://apps.apple.com/ms/app/vlc-for-mobile/id650377962
https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f