Lucene search
+L

93 matches found

Cvelist
Cvelist
added 2020/09/14 7:13 p.m.23 views

CVE-2019-14758

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application assuming the victim chooses to download th...

6.5AI score0.00835EPSS
Exploits0References2
CVE
CVE
added 2020/09/14 7:13 p.m.51 views

CVE-2019-14758

CVE-2019-14758 affects KaiOS 2.5 and 2.5.1. The pre-installed File Manager is vulnerable to HTML/JavaScript injection when a victim opens a file received via email and downloaded. The issue can let an attacker take control of the File Manager UI (for example, showing a malicious prompt to harvest...

6.1CVSS6.4AI score0.00835EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/14 7:7 p.m.52 views

CVE-2019-14757

CVE-2019-14757 affects KaiOS 2.5 and 2.5.1. The pre-installed Contacts app is vulnerable to HTML and JavaScript injection when a victim imports a crafted vCard file. The issue enables an attacker to inject HTML into the Contacts UI, potentially displaying malicious prompts and prompting users to ...

6.1CVSS6.4AI score0.00835EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/14 7:7 p.m.18 views

CVE-2019-14757

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...

6.5AI score0.00835EPSS
Exploits0References2
CVE
CVE
added 2020/09/14 6:32 p.m.42 views

CVE-2019-14756

KaiOS Email app (pre-installed) on KaiOS 1.0, 2.5 and 2.5.12.5 is vulnerable to HTML/JavaScript injection via specially crafted emails. When such an email is opened, HTML can be injected into the Email UI, potentially allowing UI control (e.g., prompting for credentials) and abuse of app privileg...

6.1CVSS6.4AI score0.00798EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/09/14 6:32 p.m.22 views

CVE-2019-14756

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. A...

6.4AI score0.00798EPSS
Exploits1References1
OSV
OSV
added 2019/11/26 4:15 p.m.5 views

CVE-2019-16243

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...

6.1CVSS6.4AI score0.00746EPSS
Exploits1References2
OSV
OSV
added 2019/03/21 4:1 p.m.2 views

CVE-2019-7386

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...

6.5CVSS7.1AI score0.03681EPSS
Exploits3References6
Prion
Prion
added 2019/03/21 4:1 p.m.13 views

Remote code execution

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...

7.1CVSS6.8AI score0.03681EPSS
Exploits3References6Affected Software2
Cvelist
Cvelist
added 2019/03/17 7:22 p.m.26 views

CVE-2019-7386

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...

7AI score0.03681EPSS
Exploits3References8
CVE
CVE
added 2019/03/17 7:22 p.m.76 views

CVE-2019-7386

CVE-2019-7386 concerns KaiOS 2.5 / Nokia 8810 4G, where the Gecko component may crash (segfault) in the internal browser when loading a crafted page. This can lead to remote code execution on the device, as described in multiple sources referencing KaiOS 2.5 10.05 with platform 48.0.a2. Public de...

7.1CVSS6.8AI score0.03681EPSS
Exploits3References8Affected Software2
CNVD
CNVD
added 2019/02/27 12:0 a.m.5 views

KaiOS Gecko Component Denial of Service Vulnerability in Nokia 8810 4G Devices

The Nokia 8810 4G is a generation of banana model phones. A security vulnerability exists in the Gecko component of KaiOS version 2.5 10.05 on Nokia 8810 4G devices. The vulnerability can be exploited by an attacker to execute code or cause a denial of service with the help of a specially crafted...

7.1CVSS7.2AI score0.03681EPSS
Exploits3References1
0day.today
0day.today
added 2019/02/13 12:0 a.m.75 views

Nokia 8810 Denial Of Service Exploit

A denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 platform 48.0.a2 on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code executi...

7.1CVSS0.6AI score0.03681EPSS
Exploits3
Rows per page
Query Builder