Lucene search
K
KaiostechKaios

10 matches found

CVE
CVE
added 2019/03/17 7:22 p.m.73 views

CVE-2019-7386

CVE-2019-7386 concerns KaiOS 2.5 / Nokia 8810 4G, where the Gecko component may crash (segfault) in the internal browser when loading a crafted page. This can lead to remote code execution on the device, as described in multiple sources referencing KaiOS 2.5 10.05 with platform 48.0.a2. Public de...

7.1CVSS6.8AI score0.03681EPSS
CVE
CVE
added 2023/05/22 12:0 a.m.57 views

CVE-2023-33294

KaiOS 3.0 before 3.1 is affected by CVE-2023-33294 due to the /system/bin/tctweb_server local web server listening on port 2929 that accepts arbitrary Bash commands and runs them as root. The server is not permission/context restricted and returns CORS headers, making it reachable from any websit...

9.8CVSS9AI score0.00932EPSS
CVE
CVE
added 2023/05/22 12:0 a.m.54 views

CVE-2023-33293

CVE-2023-33293 affects KaiOS 3.0 and 3.1. The /system/kaios/api-daemon binary hosts a local web server at *.localhost with per-application subdomains (e.g., myapp.localhost). A malicious user can issue requests to the api-daemon to check whether a specific app is installed and to read manifest.we...

5.3CVSS5.1AI score0.0056EPSS
CVE
CVE
added 2023/05/01 12:0 a.m.53 views

CVE-2023-27108

CVE-2023-27108 (KaiOS 3.0) concerns the pre-installed Communications app, which exposes a Web Activity that returns the user’s call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app with no user interaction or consent, enabling exfi...

5.3CVSS5.2AI score0.00567EPSS
CVE
CVE
added 2020/09/14 7:7 p.m.50 views

CVE-2019-14757

CVE-2019-14757 affects KaiOS 2.5 and 2.5.1. The pre-installed Contacts app is vulnerable to HTML and JavaScript injection when a victim imports a crafted vCard file. The issue enables an attacker to inject HTML into the Contacts UI, potentially displaying malicious prompts and prompting users to ...

6.1CVSS6.4AI score0.00835EPSS
CVE
CVE
added 2020/09/14 7:13 p.m.49 views

CVE-2019-14758

CVE-2019-14758 affects KaiOS 2.5 and 2.5.1. The pre-installed File Manager is vulnerable to HTML/JavaScript injection when a victim opens a file received via email and downloaded. The issue can let an attacker take control of the File Manager UI (for example, showing a malicious prompt to harvest...

6.1CVSS6.4AI score0.00835EPSS
CVE
CVE
added 2020/09/14 7:24 p.m.49 views

CVE-2019-14761

CVE-2019-14761 affects KaiOS 2.5, specifically the pre-installed Note application. The vulnerability is HTML/JavaScript injection in the Note app, exploitable by a local attacker to inject arbitrary HTML and take control of the app’s UI (e.g., prompt user to re-enter KaiOS credentials) and to abu...

4.4CVSS4.9AI score0.00405EPSS
CVE
CVE
added 2020/09/14 7:21 p.m.47 views

CVE-2019-14760

The CVE-2019-14760 issue affects KaiOS 2.5 and its pre-installed Recorder application, described as HTML/JavaScript injection. A local attacker can inject arbitrary HTML into the Recorder UI, potentially displaying prompts to capture credentials or otherwise abusing the app’s privileges. The conn...

4.4CVSS4.9AI score0.00405EPSS
CVE
CVE
added 2020/09/14 7:17 p.m.44 views

CVE-2019-14759

The CVE-2019-14759 entry applies to KaiOS 1.0, 2.5, and 2.5.1, affecting the pre-installed Radio app. A local attacker can perform HTML/JavaScript injection to inject arbitrary HTML into the Radio UI, potentially prompting credential re-entry and enabling abuse of the app’s privileges. This descr...

4.4CVSS4.9AI score0.00383EPSS
CVE
CVE
added 2020/09/14 6:32 p.m.41 views

CVE-2019-14756

KaiOS Email app (pre-installed) on KaiOS 1.0, 2.5 and 2.5.12.5 is vulnerable to HTML/JavaScript injection via specially crafted emails. When such an email is opened, HTML can be injected into the Email UI, potentially allowing UI control (e.g., prompting for credentials) and abuse of app privileg...

6.1CVSS6.4AI score0.00798EPSS