Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2020-8437: μTorrent Beta client release notes

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.

CVE
Open in Source
#xss#web#android#mac#windows#dos#js#java#perl#auth#zero_day#ssl
CVE-2020-9374: Hack ‘N’ Routers - Vulnerabilidades comuns em roteadores domésticos - [PT-BR]

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVE-2018-3987: TALOS-2018-0655 || Cisco Talos Intelligence Group

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

CVE-2020-5529: HtmlUnit vulenerable to arbitrary code execution

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

CVE-2020-5529: HtmlUnit vulenerable to arbitrary code execution

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

CVE-2020-8506: Global TV Android & iOS Applications - Unencrypted Analytics (CVE-2020-8506)

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.

CVE-2020-8507: Information Security & Privacy Advisories

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

CVE-2019-19142: Hack ‘N’ Routers - Vulnerabilidades comuns em roteadores domésticos - [PT-BR]

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

CVE-2019-0219: security - CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

CVE-2020-0003: Android Security Bulletin—January 2020  |  Android Open Source Project

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904