Filtered by vendor Tencent Subscriptions
Total 25 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-39988 1 Tencent 1 Wxsync 2024-09-24 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 标准云(std.Cloud) WxSync plugin <= 2.7.23 versions.
CVE-2023-40829 1 Tencent 1 Enterprise Wechat Privatization 2024-09-18 7.5 High
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.
CVE-2011-4864 2 Google, Tencent 2 Android, Mobileqq 2024-09-17 N/A
The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application.
CVE-2011-4867 2 Android, Tencent 2 Android, Qqpphoto 2024-09-17 N/A
The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application.
CVE-2011-4865 2 Google, Tencent 3 Android, Microblogpad, Wblog 2024-09-16 N/A
The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application.
CVE-2023-52286 1 Tencent 1 Tencent Distributed Sql 2024-09-09 7.5 High
Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.
CVE-2011-4863 2 Google, Tencent 2 Android, Qqpimsecure 2024-08-07 N/A
The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application.
CVE-2018-13439 1 Tencent 1 Wechat Pay 2024-08-05 N/A
WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL.
CVE-2018-11616 1 Tencent 1 Foxmail 2024-08-05 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543.
CVE-2019-17151 1 Tencent 1 Wechat 2024-08-05 5.4 Medium
This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302.
CVE-2019-13125 1 Tencent 1 Habomalhunter 2024-08-04 N/A
HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evade dynamic malware analysis via PIE compilation.
CVE-2019-11419 1 Tencent 1 Wechat 2024-08-04 5.5 Medium
vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service (application crash) by replacing an emoji file (under the /sdcard/tencent/MicroMsg directory) with a crafted .wxgf file. The content of the replacement must be derived from the phone's IMEI. The crash occurs upon receiving a message that contains the replaced emoji.
CVE-2020-27874 1 Tencent 1 Wechat 2024-08-04 8.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580.
CVE-2020-24160 1 Tencent 1 Tim 2024-08-04 7.8 High
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
CVE-2020-24162 1 Tencent 1 Tencent 2024-08-04 7.8 High
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
CVE-2020-10551 1 Tencent 1 Qqbrowser 2024-08-04 7.8 High
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.
CVE-2021-40180 1 Tencent 1 Wechat 2024-08-04 7.5 High
In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.
CVE-2021-33879 1 Tencent 1 Gameloop 2024-08-04 8.1 High
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.
CVE-2021-33057 1 Tencent 1 Qq 2024-08-03 7.5 High
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.
CVE-2021-27439 1 Tencent 1 Tencentos-tiny 2024-08-03 7.3 High
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.