Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2020-9281: GitHub - ckeditor/ckeditor4: The best enterprise-grade WYSIWYG editor. Fully customizable with countless features and plugins.

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

CVE
Open in Source
#xss#vulnerability#web#ios#android#google#microsoft#nodejs#js#git#java
CVE-2020-8437: μTorrent Beta client release notes

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.

CVE-2020-9374: Hack ‘N’ Routers - Vulnerabilidades comuns em roteadores domésticos - [PT-BR]

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVE-2018-3987: TALOS-2018-0655 || Cisco Talos Intelligence Group

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality which leaves behind photos taken and shared on the secret chats, even after the chats are deleted. These photos will be stored in the device and accessible to all applications installed on the Android device.

CVE-2020-5529: HtmlUnit vulenerable to arbitrary code execution

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

CVE-2020-5529: HtmlUnit vulenerable to arbitrary code execution

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

CVE-2020-8506: Global TV Android & iOS Applications - Unencrypted Analytics (CVE-2020-8506)

The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.

CVE-2020-8507: Information Security & Privacy Advisories

The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.

CVE-2019-19142: Hack ‘N’ Routers - Vulnerabilidades comuns em roteadores domésticos - [PT-BR]

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

CVE-2019-0219: security - CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.