Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4867 | 2 Android, Tencent | 2 Android, Qqpphoto | 2025-04-11 | N/A |
| The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | ||||
| CVE-2011-4863 | 2 Google, Tencent | 2 Android, Qqpimsecure | 2025-04-11 | N/A |
| The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. | ||||
| CVE-2023-34312 | 1 Tencent | 2 Qq, Tim | 2025-01-09 | 7.8 High |
| In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. | ||||
| CVE-2021-33057 | 1 Tencent | 1 Qq | 2024-11-21 | 7.5 High |
| The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center. | ||||
| CVE-2020-10551 | 1 Tencent | 1 Qqbrowser | 2024-11-21 | 7.8 High |
| QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService. | ||||
Page 1 of 1.