CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers URL. It is possible to launch the attack remotely...

6.5CVSS0.00207EPSS

Exploits1References2

Prion•added 2022/06/13 7:15 a.m.•17 views

Hardcoded credentials

4.3CVSS6.5AI score0.00207EPSS

Exploits1References2Affected Software1

Cvelist•added 2022/06/13 6:50 a.m.•17 views

CVE-2017-20041 Ucweb UC Browser HTML URL improper restriction of rendered ui layers

5.4CVSS6.6AI score0.00207EPSS

Exploits1References2

CVE•added 2022/06/13 6:50 a.m.•46 views

CVE-2017-20041

UC Browser 11.2.5.932 is affected by CVE-2017-20041 due to the HTML Handler: manipulation of the title argument leads to improper restriction of rendered UI layers (URL). The issue is exploitable remotely and the exploit has been disclosed publicly. No patch/version remediation details are provid...

6.5CVSS6AI score0.00207EPSS

Exploits1References2Affected Software1

CNNVD•added 2022/06/13 12:0 a.m.•1 views

UCWeb 安全漏洞

UCWeb is a browser. A security vulnerability exists in UCWeb version 11.2.5.932, which originates in the component HTML handler, where manipulation of parameter headers can lead to improper restriction of the rendered ui layer URL...

6.5CVSS6.3AI score0.00207EPSS

Exploits1References3

OSV•added 2021/08/14 9:15 p.m.•0 views

CVE-2020-36473

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...

3.7CVSS5.8AI score

Exploits0References1

NVD•added 2021/08/14 9:15 p.m.•11 views

CVE-2020-36473

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...

4.3CVSS0.00166EPSS

Exploits0References1

Prion•added 2021/08/14 9:15 p.m.•9 views

Command injection

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...

4.3CVSS4.4AI score0.00166EPSS

Exploits0References1Affected Software1

CVE•added 2021/08/14 8:49 p.m.•84 views

CVE-2020-36473

CVE-2020-36473 affects UCWeb UC browser versions 12.12.3.1219–12.12.3.1226. The root cause is the use of plaintext HTTP, enabling man-in-the-middle attackers to discover the URLs visited by a user. All cited sources (NVD, Red Hat, CNNVD) confirm the affected product/version range and the resultin...

4.3CVSS4.4AI score0.00166EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/08/14 8:49 p.m.•12 views

CVE-2020-36473

UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs...

4.3AI score0.00166EPSS

Exploits0References1

The Hacker News•added 2020/10/21 7:2 a.m.•2 views

Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

--- Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browser...

6AI score

Exploits0

NVD•added 2020/10/20 5:15 p.m.•12 views

CVE-2020-7363

User Interface UI Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions...

4.3CVSS0.00204EPSS

Exploits1References2

NVD•added 2020/10/20 5:15 p.m.•12 views

CVE-2020-7364

4.3CVSS0.00204EPSS

Exploits1References2

Prion•added 2020/10/20 5:15 p.m.•17 views

Design/Logic Flaw

4.3CVSS4.6AI score0.00204EPSS

Exploits1References2Affected Software1

Prion•added 2020/10/20 5:15 p.m.•14 views

Design/Logic Flaw