Lucene search
K
TencentWechat

6 matches found

CVE
CVE
added 2019/05/14 6:3 p.m.95 views

CVE-2019-11419

Summary: CVE-2019-11419 affects WeChat for Android through 7.0.3/7.0.4 where vcodec2_hls_filter in libvoipCodec_v7a.so enables a local attacker to crash the application by replacing an emoji file (under /sdcard/tencent/MicroMsg) with a crafted .wxgf file whose content is derived from the device I...

5.5CVSS5.2AI score0.04025EPSS
Web
CVE
CVE
added 2020/01/07 11:5 p.m.84 views

CVE-2019-17151

CVE-2019-17151 affects Tencent WeChat (before 7.0.9). The flaw is in parsing a user’s profile name, enabling unsafe redirection via the name field when the target is in a chat with the attacker. Exploitation requires user interaction within a chat session. The vulnerability is described as “name ...

5.8CVSS5.5AI score0.01374EPSS
CVE
CVE
added 2022/07/26 10:36 p.m.66 views

CVE-2021-40180

According to connected documents, CVE-2021-40180 affects WeChat app version 8.0.10 for Android and iOS, where a mini program can invoke wx.searchContacts to access the user's address book and obtain sensitive information. The root cause is a permissions/API misuse in the mini program environment ...

7.5CVSS7.3AI score0.01095EPSS
CVE
CVE
added 2021/02/10 10:15 p.m.61 views

CVE-2020-27874

The CVE-2020-27874 entry concerns Tencent WeChat 7.0.18 with a vulnerability in the WXAM Decoder. The flaw results from improper validation of user-supplied data, causing memory access past the end of an allocated object and leading to remote code execution. Exploitation requires user interaction...

8.8CVSS8.8AI score0.02016EPSS
CVE
CVE
added 2024/07/26 12:0 a.m.60 views

CVE-2024-40433

CVE-2024-40433 affects Tencent WeChat 8.0.37. Multiple connected sources describe an Insecure Permissions vulnerability that enables privilege escalation via the web-view component. Root cause and scope are tied to the web-view usage in WeChat, with impact described as elevation of privileges (hi...

8.8CVSS7.1AI score0.01175EPSS
CVE
CVE
added 2021/04/14 3:45 p.m.53 views

CVE-2021-27247

CVE-2021-27247 affects Tencent WeChat 2.9.5 desktop. The flaw is in the WXAM decoder where unvalidated user data allows an out-of-bounds read, exposing sensitive information. This may enable arbitrary code execution when combined with other vulnerabilities, with user interaction required (malicio...

6.5CVSS6.1AI score0.06447EPSS